On 37-01--10 11:59 AM, Brian Campbell wrote:
Yeah, I had just sort of being going off the assumption that
client_id is required& client_secret is not but, looking at -15
again, I agree that it's not entirely obvious. There's the text at
the end of section 3 that say allows for unauthenticated
they match - that's the "basic auth binding").
>
> I'll clarify it.
>
> EHL
>
>> -Original Message-
>> From: Brian Campbell [mailto:bcampb...@pingidentity.com]
>> Sent: Monday, May 16, 2011 3:45 PM
>> To: Vlad Skvortsov
>> Cc:
y 16, 2011 3:45 PM
> To: Vlad Skvortsov
> Cc: Eran Hammer-Lahav; oauth@ietf.org
> Subject: Re: [OAUTH-WG] unauthenticated token requests
>
> Yeah, I had just sort of being going off the assumption that client_id is
> required & client_secret is not but, looking at -15 again, I agre
Yeah, I had just sort of being going off the assumption that
client_id is required & client_secret is not but, looking at -15
again, I agree that it's not entirely obvious. There's the text at
the end of section 3 that say allows for unauthenticated clients.
Then in 3.1 both client_id & client_sec
On Fri, May 13, 2011 at 04:15:17PM -0700, Eran Hammer-Lahav wrote:
> The client_id is required. client_secret is not.
Ok, thanks! This might deserve a clarification in the spec though — not
obvious.
>
> EHL
>
> On May 13, 2011, at 16:00, "Vlad Skvortsov" wrote:
>
> > Hi,
> >
> > a have a que
The client_id is required. client_secret is not.
EHL
On May 13, 2011, at 16:00, "Vlad Skvortsov" wrote:
> Hi,
>
> a have a question regarding unauthenticated requests to a token endpoint
> in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization
> server MAY allow unauthenticated
Hi,
a have a question regarding unauthenticated requests to a token endpoint
in OAuth 2.0. The spec v2-15 section 3 says[1] that "the authorization
server MAY allow unauthenticated access token requests when the client
identity does not matter". Does that mean omitting "client_id" and
"client_secr
