2021-07-10 UTC
# Zegnat aaronpk: OAuth question, I am looking at RFC 7009 (revocation) for security considerations, to see if I am implementing it right. And the following confuses me: "According to this specification, a client's request must contain a valid client_id, in the case of a public client". I cannot find an example in the spec on how it expects public clients to send their client_id along with the revocation request. Nor does IndieAuth hint at it