Putting the client_id here and then requiring to verify it means it's not actually useful here, except maybe to fulfill OAuth expectations that there is a client_id, and potentially dangerous if someone uses it instead of discovering the endpoint independently.
I'd tend toward removing it. (or putting the vallue of me in there?)
https://github.com/sknebel/AutoAuth/blob/master/AutoAuth.md#token-request
Putting the
client_idhere and then requiring to verify it means it's not actually useful here, except maybe to fulfill OAuth expectations that there is a client_id, and potentially dangerous if someone uses it instead of discovering the endpoint independently.I'd tend toward removing it. (or putting the vallue of
mein there?)https://github.com/sknebel/AutoAuth/blob/master/AutoAuth.md#token-request