Am 11.05.2010 12:33, schrieb Vivek Khurana:
2. Client Authentication (in flows)
How should the client authenticate when making token requests? The current
draft defines special request parameters for sending client credentials. Some
have argued that this is not the correct way, and that the client should be
using existing HTTP authentication schemes to accomplish that such as Basic.
A. Client authenticates by sending its credentials using special parameters
(current draft)
B. Client authenticated by using HTTP Basic (or other schemes supported by the
server such as Digest)
Either of them is acceptable, but if we go with B, the specification
should specify the charset to be used for Basic authentication.
regards
Vivek
What about defining a new Authentication Scheme for the purpose of OAuth
client authentication? Would this help to deal with such problems?
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
