Hi, the goal of PAR is to protect the parameters of the authorization request from tampering. If there is no authentication of the client anybody could push an authorization request, and nothing would be gained. Thus, client authentication is required.
Best regards, Benjamin Von: Nikos Fotiou <fot...@aueb.gr> Gesendet: Freitag, 29. November 2024 13:11 An: oauth@ietf.org Betreff: [OAUTH-WG] PAR and client authentication Hi, I was wondering why in PAR the client authenticates itself also to the authorization endpoint (https://datatracker.ietf.org/doc/html/rfc9126#section-2.1). Best, Nikos
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
