Closed msmock closed 8 months ago
Won't be done. Reading of the OAuth specification showed, that the client secret is used to authenticate the client application, while the network may be authenticated with mutual TLS. Thus the client secret replaces the digital signatures.
Change the text to make signed messages for request and response mandatory, if optional in IUA or OAuth: