Add client_id to get token endpoint

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 12:35:20 -08:00 · 2016-03-09 12:35:20 -08:00 · 093fbdbfc4
parent 66d6eaa83f
commit 093fbdbfc4
1 changed files with 10 additions and 0 deletions
--- a/docs/spec/auth/token.md
+++ b/docs/spec/auth/token.md
@ -111,6 +111,16 @@ Defines getting a bearer and refresh token using the token endpoint.
        subject with different scopes. The refresh token does not have an
        expiration and should be considered completely opaque to the client.
    </dd>
+    <dt>
+        <code>client_id</code>
+    </dt>
+    <dd>
+        String identifying the client. This client_id does not need
+        to be registered with the authorization server but should be set to a
+        meaningful value in order to allow auditing keys created by unregistered
+        clients. Accepted syntax is defined in
+        [RFC6749 Appendix A.1](https://tools.ietf.org/html/rfc6749#appendix-A.1).
+    </dd>
    <dt>
        <code>scope</code>
    </dt>