Hi, the goal of PAR is to protect the parameters of the authorization request from tampering. If there is no authentication of the client anybody could push an authorization request, and nothing would be gained. Thus, client authentication is required.
Best regards, Benjamin Von: Nikos Fotiou <[email protected]> Gesendet: Freitag, 29. November 2024 13:11 An: [email protected] Betreff: [OAUTH-WG] PAR and client authentication Hi, I was wondering why in PAR the client authenticates itself also to the authorization endpoint (https://datatracker.ietf.org/doc/html/rfc9126#section-2.1). Best, Nikos
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
