Thank you, Taka!
I will check out the referenced document.
Regards,
Sascha
On Wed., Nov. 4, 2020, 19:15 Takahiko Kawasaki, wrote:
> Hi Sascha,
>
> The change you found in the draft 04 is the change made to the JAR (JWT
> Secured Authorization Request). Now, "client_id" is mandatory. I summariz
Hi Sascha,
The change you found in the draft 04 is the change made to the JAR (JWT
Secured Authorization Request). Now, "client_id" is mandatory. I summarized
technical details about JAR in the article below. It describes the reasons
for the necessity of "client_id". PAR is mentioned there, too.
Hi all!
A while ago I implemented draft 00 of this spec:
- https://tools.ietf.org/html/draft-ietf-oauth-par-04
Now, in draft 04, I see that a request to the /authorize endpoint is
defined with client_id and request_uri. The client_id was added since draft
00 (see: https://tools.ietf.org/html/draf
