Hi, I can’t see how client authentication prevents request tampering. Best, Nikos
> On 29 Nov 2024, at 2:55 PM, Benjamin Häublein <[email protected]> > wrote: > > Hi, > > the goal of PAR is to protect the parameters of the authorization request > from tampering. > If there is no authentication of the client anybody could push an > authorization request, and nothing would be gained. Thus, client > authentication is required. > > Best regards, > Benjamin > Von: Nikos Fotiou <[email protected]> > Gesendet: Freitag, 29. November 2024 13:11 > An: [email protected] > Betreff: [OAUTH-WG] PAR and client authentication > > Hi, > I was wondering why in PAR the client authenticates itself also to the > authorization endpoint > (https://datatracker.ietf.org/doc/html/rfc9126#section-2.1). > > Best, > Nikos
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
