This draft doesn't directly use the assertion framework anymore, but I think the idea (to not require client_id) makes sense here as well. This would basically mean this?
- if client_id exists, then
  - Attestation sub MUST be equal to client_id
  - Attestation PoP iss MUST be equal to client_id
- otherwise client_id is implicit and
  - Attestation sub MUST be equal to Attestation PoP iss
OAuth2 chapter 4.1.3 Access Token Request says:
but then client assertion drafts make client_id optional https://datatracker.ietf.org/doc/html/rfc7521
Would you agree that client_id should be optional in this draft, too?
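
The binding rule proposed in this issue, sketched as a check on the authorization server side. This is an added example, not part of the original issue or of the draft; `resolve_client_id`, `jwt_claims`, `BindingError` and the sample tokens are constructed for illustration, and signature verification of both JWTs is assumed to have happened beforehand.

```python
import base64
import json


class BindingError(ValueError):
    """The client_id / attestation sub / PoP iss binding does not hold."""


def jwt_claims(token: str) -> dict:
    # Payload decode only: signature verification is assumed to have
    # happened in an earlier step and is out of scope for this sketch.
    parts = token.split(".")
    if len(parts) != 3:
        raise BindingError("not a compact JWS")
    try:
        raw = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
        claims = json.loads(raw)
    except ValueError as exc:
        raise BindingError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise BindingError("payload is not a JSON object")
    return claims


def resolve_client_id(attestation: str, pop: str, client_id=None) -> str:
    sub = jwt_claims(attestation).get("sub")
    iss = jwt_claims(pop).get("iss")
    if not isinstance(sub, str) or not sub:
        raise BindingError("attestation has no usable sub")
    if not isinstance(iss, str) or not iss:
        raise BindingError("attestation PoP has no usable iss")
    if client_id is not None:  # explicit client_id: both claims must match it
        if sub != client_id or iss != client_id:
            raise BindingError("sub / PoP iss do not match client_id")
        return client_id
    if sub != iss:  # implicit client_id: the two JWTs must name the same client
        raise BindingError("attestation sub != attestation PoP iss")
    return sub


def sample_jwt(claims: dict) -> str:
    # Constructed sample token: unsigned, with a placeholder signature part.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'ES256'})}.{enc(claims)}.c2ln"


ATTESTATION = sample_jwt({"iss": "https://attester.example", "sub": "client-123"})
POP = sample_jwt({"iss": "client-123", "aud": "https://as.example"})
```

With the request parameter omitted, the function returns the implicit client identifier taken from the attestation `sub`; any mismatch raises `BindingError` so the token request can be rejected.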