I just noticed that the spec is very explicit on the MTLS auth method being used for the token endpoint, but it could also work with other endpoints, e.g. RFC 7009 (revocation), 7662 (intospection).
Were there any talks about that? Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
