I have had a couple reviewers comment whether this means client authentication is optional in Sec 3.12 for token refresh:
> * authentication of this client_id during token refresh, if > possible, and Do we not mean authentication of the client or some equivalent (e.g. looking at browser cookies). Phil Oracle Corporation, Cloud Security and Identity Architect @independentid www.independentid.com <http://www.independentid.com/>phil.h...@oracle.com <mailto:phil.h...@oracle.com>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
