We should be able to have a single auth method permit private clients,
while other auth methods permit public clients. For example, bearer
token based auth for token introspection should allow any client,
while client auth must only permit private clients. As such,
this patch moves the client processing filter into the Authentication
filters, not the Authorization filters.
We should be able to have a single auth method permit private clients, while other auth methods permit public clients. For example, bearer token based auth for token introspection should allow any client, while client auth must only permit private clients. As such, this patch moves the client processing filter into the Authentication filters, not the Authorization filters.