Prohibit following redirects whilst fetching Client Metadata

ThisIsMissEm · ThisIsMissEm · commit 6d3ef906b99b · 2025-09-29T19:40:41.000+02:00
diff --git a/draft-parecki-oauth-client-id-metadata-document.md b/draft-parecki-oauth-client-id-metadata-document.md
@@ -151,7 +151,8 @@ the client to the user in an authorization consent screen, for example the
 client name and logo.
 
 The authorization server SHOULD fetch the document indicated by the `client_id`
-to retrieve the client registration information.
+to retrieve the client registration information. The authorization server
+MUST NOT follow HTTP redirects when fetching the Client Metadata.
 
 ## Client Metadata
 
