I noticed yesterday, in -16, that the first time that client_id is mentioned is in a parenthetical in the second paragraph of section 3.1, which is a little awkward. The client_id parameter then shows up inside two examples before being listed as a required parameter in sections 4.1.1, 4.1.3, 4.2.1 and others with a reference back to a description in section 3.

   client_id REQUIRED. The client identifier as described in Section 3.

This feels a little circular to me, however, because section 3 never really formally defines what client_id is. Also, based on conversations on this list, I think I understand the intent about how client_id should be handled for unauthenticated clients (a value for client_id is always required for the endpoints/grants listed in the core spec while client_secret, basic auth or other means of authentication is optional) but I'm not sure that is fully communicated in the text of -16.