Hi All
I'm having a discussion with my colleagues on the pros and cons of
sharing a client_id.
For example, say we have N number of public mobile applications (the
same application package, an application instance on an individual
phone), and one approach is for each of these applications to have the
same client_id.
I've been trying to analyze why it can be bad and the only thing I can
come up with is that there will be no (easy) way to track which
application instance actually accessed a given RS.
Can someone please explain what the pros and cons are of having the same
client_id shared between public client applications?
And what about multiple confidential clients being set up with the same
id/secret? I suspect it is a bad idea, but what is the main line why it is a
bad idea? Let's say it is all done in the protected network, no chance of
the bad clients interfering...
Thanks, Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth