DP: Include `client_id` as a MUST.
Issue #63
invalid
draft-ietf-oauth-jwsreq-11 states on page 7.
To sign, JSON Web Signature (JWS) [RFC7515] is used. The result is a JWS signed JWT [RFC7519]. If signed, the Authorization Request Object SHOULD contain the Claims "iss" (issuer) and "aud" (audience) as members, with their semantics being the same as defined in the JWT [RFC7519] specification.
This should be changed into:
To sign, JSON Web Signature (JWS) [RFC7515] is used. The result is a JWS signed JWT [RFC7519]. If signed, the Authorization Request Object MUST contain a client_id parameter and SHOULD contain a "iss" (issuer) parameter and an "aud" (audience) parameter, with their semantics being the same as defined in the JWT RFC7519] specification.
Comments (3)
-
reporter -
reporter - changed status to open
-
reporter - changed status to invalid
- Log in to comment
Propose REJECT.
client_id
is already REQUIRED in RFC6749.