On Fri, May 13, 2011 at 04:15:17PM -0700, Eran Hammer-Lahav wrote:
> The client_id is required. client_secret is not.

Ok, thanks! This might deserve a clarification in the spec though — not obvious.

>
> EHL
>
> On May 13, 2011, at 16:00, "Vlad Skvortsov" <v...@aboutecho.com> wrote:
>
> > Hi,
> >
> > I have a question regarding unauthenticated requests to a token endpoint
> > in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization
> > server MAY allow unauthenticated access token requests when the client
> > identity does not matter". Does that mean omitting "client_id" and
> > "client_secret" parameters altogether?
> >
> > In our setting there are two types of clients: regular clients with
> > proper credentials (username/password) and JavaScript clients working
> > anonymously. The server is supposed to grant different permissions to
> > these groups of clients based on the authentication method used.
> >
> > It's not clear from the spec how the anonymous access should be
> > requested. Please advise!
> >
> > Thanks!
> >
> > [1]: http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3
> >
> > --
> > Vlad Skvortsov, VP Engineering Echo, v...@aboutecho.com
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth

--
Vlad Skvortsov, v...@aboutecho.com
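The rule stated in the thread (client_id required, client_secret optional), applied to the two client groups from the question, as an added example that is not part of the original messages or of the OAuth draft. The registry, client names, `classify_token_request` and the choice to reject a confidential client that omits its secret rather than downgrade it to anonymous access are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs

# Constructed client registry (assumption): a public client has no secret.
CLIENTS = {
    "web-backend": {"secret": "s3cr3t-constructed", "scope": "read write"},
    "js-widget": {"secret": None, "scope": "read"},
}


class TokenRequestError(Exception):
    """Carries an OAuth 2.0 error code (invalid_request or invalid_client)."""


def classify_token_request(body: str) -> dict:
    """Decide how a form-encoded token request is authenticated.

    Returns the client_id, whether the client authenticated, and the
    widest scope the server is willing to grant to that client.
    """
    params = parse_qs(body, keep_blank_values=True)
    ids = params.get("client_id", [])
    secrets = params.get("client_secret", [])
    # client_id is always required; repeated parameters are ambiguous.
    if len(ids) != 1 or not ids[0] or len(secrets) > 1:
        raise TokenRequestError("invalid_request")
    client = CLIENTS.get(ids[0])
    if client is None:
        raise TokenRequestError("invalid_client")
    registered = client["secret"]
    if registered is None:
        # Public (anonymous) client: a secret is not expected here.
        if secrets:
            raise TokenRequestError("invalid_client")
        return {"client_id": ids[0], "authenticated": False,
                "scope": client["scope"]}
    # Confidential client: the secret must be present and must match.
    # Omitting it never falls back to the anonymous permission set.
    if not secrets or not hmac.compare_digest(
            secrets[0].encode(), registered.encode()):
        raise TokenRequestError("invalid_client")
    return {"client_id": ids[0], "authenticated": True,
            "scope": client["scope"]}
```
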