On 5/24/11 11:31 AM, Brian Campbell wrote:
> I noticed yesterday, in -16, that the first time that client_id is
> mentioned is in a parenthetical in the second paragraph of section 3.1
> which is a little awkward. The client_id parameter then shows up
> inside two examples before being listed as a required parameter in
> section 4.1.1, 4.1.3, 4.2.1 and others with a reference back to a
> description in section 3.
>
> client_id
> REQUIRED. The client identifier as described in Section 3.
>
> This feels a little circular to me, however, because section 3 never
> really formally defines what client_id is.
>
> Also, based on conversations on this list, I think I understand the
> intent about how client_id should be handled for unauthenticated
> clients (a value for client_id is always required for the
> endpoints/grants listed in the core spec while client_secret, basic
> auth or other means of authentication is optional) but I'm not sure
> that is fully communicated in the text of -16.

Good point, Brian. I'm reviewing -16 too, and I noticed that we don't say what characters (Unicode code points) are allowed in the client_id parameter, how long it can be, how to perform comparison for authentication purposes, etc.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth