Hi,

Is this applicable to public (non-confidential) clients only? For confidential clients, the verification of the client_secret doesn't seem to be addressed by this proposal (token endpoint interactions). We could however extend it to address this scenario, namely by using encrypted JWTs with client_secret verification information.

Thanks
Pedro

On Tue, Oct 15, 2013 at 1:01 AM, John Bradley <ve7...@ve7jtb.com> wrote:

> A new version of I-D, draft-bradley-stateless-oauth-client-00.txt
> has been successfully submitted by John Bradley and posted to the
> IETF repository.
>
> Filename: draft-bradley-stateless-oauth-client
> Revision: 00
> Title: Stateless Client Identifier for OAuth 2
> Creation date: 2013-10-15
> Group: Individual Submission
> Number of pages: 4
> URL: http://www.ietf.org/internet-drafts/draft-bradley-stateless-oauth-client-00.txt
> Status: http://datatracker.ietf.org/doc/draft-bradley-stateless-oauth-client
> Htmlized: http://tools.ietf.org/html/draft-bradley-stateless-oauth-client-00
>
> Abstract:
> This draft provides a method for communicating information about an
> OAuth client through its client identifier allowing for fully
> stateless operation.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth