SIM-Based OAuth - Why is client credential required when supplying client assertion?
SummaryWhen doing SIM-Based OAuth with an Untrusted Client - Why is basic auth client credential required when supplying a client assertion token?
Can anyone explain why the various documentation examples regarding using a client assertion token with explicit user credentials all require the additional basic authorization header associated with the client (id:secret). Isn't the very purpose of the client assertion token to alleviate the need to supply such a basic authorization header?
See these doc examples