Hi, I can’t see how client authentication prevents request tampering. Best, Nikos
> On 29 Nov 2024, at 2:55 PM, Benjamin Häublein <benjamin.haeubl...@cirosec.de> > wrote: > > Hi, > > the goal of PAR is to protect the parameters of the authorization request > from tampering. > If there is no authentication of the client anybody could push an > authorization request, and nothing would be gained. Thus, client > authentication is required. > > Best regards, > Benjamin > Von: Nikos Fotiou <fot...@aueb.gr> > Gesendet: Freitag, 29. November 2024 13:11 > An: oauth@ietf.org > Betreff: [OAUTH-WG] PAR and client authentication > > Hi, > I was wondering why in PAR the client authenticates itself also to the > authorization endpoint > (https://datatracker.ietf.org/doc/html/rfc9126#section-2.1). > > Best, > Nikos
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org