The client_id is required. client_secret is not.
EHL
On May 13, 2011, at 16:00, "Vlad Skvortsov" wrote:
> Hi,
>
> I have a question regarding unauthenticated requests to a token endpoint
> in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization
> server MAY allow unauthenticated
Hi,
I have a question regarding unauthenticated requests to a token endpoint
in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization
server MAY allow unauthenticated access token requests when the client
identity does not matter". Does that mean omitting "client_id" and
"client_secr
-Doug Tangren
http://lessis.me
On Fri, May 13, 2011 at 12:58 PM, Francisco Corella wrote:
> We wrote a security analysis of double redirection protocols that has a
> section on OAuth 2.0 as of draft 11. You can find it at
> http://pomcor.com/techreports/DoubleRedirection.pdf
>
>
Wow, this looks
We wrote a security analysis of double redirection protocols that has a section
on OAuth 2.0 as of draft 11. You can find it at
http://pomcor.com/techreports/DoubleRedirection.pdf
Francisco
--- On Fri, 5/13/11, Mark Mcgloin wrote:
From: Mark Mcgloin
Subject: [OAUTH-WG] Formal security proto
Does anyone know of a formal security protocol analysis that has been
carried out for OAuth 2.0?
I could only find analysis done against 1.0a, like this one:
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5762765
thanks
Mark