Hi,
I can’t see how client authentication prevents request tampering. 

Best,
Nikos


> On 29 Nov 2024, at 2:55 PM, Benjamin Häublein <benjamin.haeubl...@cirosec.de> 
> wrote:
> 
> Hi,
>  
> the goal of PAR is to protect the parameters of the authorization request 
> from tampering.
> If there is no authentication of the client anybody could push an 
> authorization request, and nothing would be gained. Thus, client 
> authentication is required.
>  
> Best regards,
> Benjamin
> Von: Nikos Fotiou <fot...@aueb.gr> 
> Gesendet: Freitag, 29. November 2024 13:11
> An: oauth@ietf.org
> Betreff: [OAUTH-WG] PAR and client authentication
>  
> Hi,
> I was wondering why in PAR the client authenticates itself also to the 
> authorization endpoint 
> (https://datatracker.ietf.org/doc/html/rfc9126#section-2.1).
>  
> Best,
> Nikos

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to