Section 2.1 of draft 10 lacks a normative form definition of the client_id parameter. It appears only in the example, which itself contains parts not discussed until later in the spec, which some may find confusing. It is also not clear (to me) whether client_id must appear in the POST entity when it appears in the HTTP Basic authorization header since there is no discussion of it.
-- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
