Re: [OAUTH-WG] MTLS and in-browser clients using the token endpoint

[George Fletcher <gffletch@aol.com>]

What if the AS wants to ONLY support MTLS connections. Does it not 
specify the optional "mtls_endpoints" and just use the normal metadata 
values?

On 1/15/19 8:48 AM, Brian Campbell wrote:
> It would definitely be optional, apologies if that wasn't made clear. 
> It'd be something to the effect of optional for the AS to include and 
> clients doing MTLS would use it when present in AS metadata.
>
> On Tue, Jan 15, 2019 at 2:04 AM Dave Tonge 
> <dave.tonge@momentumft.co.uk <mailto:dave.tonge@momentumft.co.uk>> wrote:
>
>     I'm in favour of the `mtls_endpoints` metadata parameter -
>     although it should be optional.
>
>
> /CONFIDENTIALITY NOTICE: This email may contain confidential and 
> privileged material for the sole use of the intended recipient(s). Any 
> review, use, distribution or disclosure by others is strictly 
> prohibited..  If you have received this communication in error, please 
> notify the sender immediately by e-mail and delete the message and any 
> file attachments from your computer. Thank you./
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth