Thanks for catching that Aaron. I'll fix those two examples accordingly. On Thu, Dec 22, 2022 at 2:39 PM Aaron Parecki <aa...@parecki.com> wrote:
> In section 5, the example access token requests are missing either the > client_id parameter in the POST body or the client authentication in the > HTTP header. > > https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#section-5 > > Given that DPoP is primarily targeted at public clients, I would recommend > adding the client_id parameter to the POST body in the example. This goes > for both the authorization_code grant as well as the refresh_token grant. > > I believe this is a purely editorial change since DPoP doesn't change any > requirements about client authentication or the client_id parameter. > > --- > Aaron Parecki > > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
