ian Campbell; oauth
> Subject: RE: [OAUTH-WG] Proposed language for section 2.2 on Client
> Assertions
>
> So how do we resolve if the language goes into the spec?
> Thanks,
> Yaron
>
> > -Original Message-
> > From: oauth-boun...@ietf.
oauth
> Subject: Re: [OAUTH-WG] Proposed language for section 2.2 on Client
> Assertions
>
> Makes sense. Personally, I don't have any preference on including it or not.
>
> EHL
>
> > -Original Message-
> > From: oauth-boun...@ietf.org [mailto:oa
Re: [OAUTH-WG] Proposed language for section 2.2 on Client
> Assertions
>
> A client_id parameter would still be presented in the end user authorization
> request. The text Brian E. quoted is what mandates any
> specifications/documents/agreements that define how to use client
> as
A client_id parameter would still be presented in the end user
authorization request. The text Brian E. quoted is what mandates any
specifications/documents/agreements that define how to use client
assertions must also define the association between the client_id and
some field(s) in the assertion.
On Mon, Jul 26, 2010 at 4:11 PM, Eran Hammer-Lahav wrote:
> How do you link the client_id using in the authorization endpoint with the
> client assertion using in the token endpoint?
In theory:
"any document that defines how to use an assertion of a particular
type with OAuth 2.0 MUST define ho
n Goland; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Proposed language for section 2.2 on Client
> Assertions
>
> On Mon, Jul 26, 2010 at 2:08 PM, Eran Hammer-Lahav
> wrote:
> > I understand that in many assertions, the client identifier is
> > established internally, but this
On Mon, Jul 26, 2010 at 2:08 PM, Eran Hammer-Lahav wrote:
> I understand that in many assertions, the client identifier is established
> internally, but this approach will completely prevent using the assertion
> client authentication method with other flows that involve getting a code.
I'm prett
By not incorporating the client_id parameter, you are preventing this client
authentication mode from being used with the end-user authorization endpoint.
In -09 I tried to separate the client_id from the client_secret, basically
moving the client_id to the token endpoint as an endpoint paramete
