The client_id is required. client_secret is not. EHL
On May 13, 2011, at 16:00, "Vlad Skvortsov" <v...@aboutecho.com> wrote: > Hi, > > a have a question regarding unauthenticated requests to a token endpoint > in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization > server MAY allow unauthenticated access token requests when the client > identity does not matter". Does that mean omitting "client_id" and > "client_secret" parameters altogether? > > In our setting there are two types of clients: regular clients with > proper credentials (username/password) and JavaScript clients working > anonymously. The server is supposed to grant different permissions to > these groups of clients based on the authentication method used. > > It's not clear from the spec how the anonymous access should be > requested. Please advice! > > Thanks! > > [1]: http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3 > > -- > Vlad Skvortsov, VP Engineering Echo, v...@aboutecho.com > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
