We are using Apigee's Oauth2 policy; we are also using a proxy to redirect a user to our oauth2 login page. The proxy appends the requesting client's app name along with the 302 location. However the client could also access the login page directly, and fake the app name instead.
Giving just the client_id as part of the initial oauth2 auth code flow, is there a trusted way to get the client's app name?
LinkedIn
Twitter
