The question wasn't about PAR, tho I agree that in PAR the natural result would be either invalid_client (i.e. the client couldn't be authenticated) or invalid_client_metadata.
S pozdravem, *Filip Skokan* On Sun, 12 Oct 2025 at 17:53, Emelia S. <[email protected]> wrote: > For PAR, there might be an error code, in which case, it'd be any of the > ones suggested earlier in this thread, which even is most appropriate. > > (though generally we recommend deferring fetching of the Client ID > Metadata Document until after the user has authenticated) > > – Emelia > > On 12 Oct 2025, at 16:37, Filip Skokan <[email protected]> wrote: > > 2. What is the error if a client_id using this scheme on the authorization >> endpoint isn't acceptable? "unauthorized_client"? >> > > There's no "error" returned. A rendered error page is expected since > there's no client ergo no validated redirect_uri. > > S pozdravem, > *Filip Skokan* > > > On Sat, 11 Oct 2025 at 21:43, Michael Sweet <msweet= > [email protected]> wrote: > >> All, >> >> I finally had a chance to look through this latest (adopted) draft, and I >> like the simplicity this brings over dynamic client registration. That >> said, I have a couple quick comments/questions: >> >> 1. What about PKCE/OpenID "native" authorization with a redirect URI of " >> http://127.0.0.1/some/path";? There is discussion of "maybe the AS will >> require same-origin URIs" but that would preclude native auth flows. Would >> be nice to talk about it and, if optional, have some guidance about what >> the AS does. >> >> 2. What is the error if a client_id using this scheme on the >> authorization endpoint isn't acceptable? "unauthorized_client"? >> >> Thanks to the AS metadata, I can see supporting this in the CUPS OAuth >> client fairly quickly... >> >> ________________________ >> Michael Sweet >> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
