I guess I don't see why there's a need to distinguish between, in the grant type identifier, how the client authenticates? (this is all presupposes, of course, some kind of assertion based client authentication technique)
On Fri, Jul 16, 2010 at 1:26 PM, Brian Eaton <bea...@google.com> wrote: > On Fri, Jul 16, 2010 at 12:22 PM, Brian Campbell > <bcampb...@pingidentity.com> wrote: >> +1 for something different but not "client password" as sounds like it >> would preclude other methods of client authentication > > I think it would work like this: > > grant_type=client_password: > maps to the "client password flow" from > http://tools.ietf.org/html/draft-hardt-oauth-01#page-13. > > grant_type=client_assertion > maps to the "client assertion" profile > http://tools.ietf.org/html/draft-hardt-oauth-01#section-5.2 > > Cheers, > Brian > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
