Token endpoint requirement for `client_id` parameter

Currently we require that `client_id` parameter is always present for requests on token endpoint. However, [OAuth2](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.3) says:

> client_id
         REQUIRED, if the client is not authenticating with the
         authorization server as described in Section 3.2.1.

This needs to be brought in line with the fact that, for example, we support `private_key_jwt` [client authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Token endpoint requirement for `client_id` parameter #306

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Token endpoint requirement for client_id parameter #306

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Token endpoint requirement for `client_id` parameter #306