Hi Mike,
does this mean the binding ID is indicated to the authorization server
via a respective HTTP header? I'm asking because I didn't find the
respective parameter in the draft.
Could you add a HTTP request example? I think that would help a lot to
better understand the mechanism.
best regards,
Torsten.
Am 20.09.2016 um 21:16 schrieb Mike Jones:
The OAuth Token Binding specification has been revised to use the
Referred Token Binding ID when performing token binding of access
tokens. This was enabled by the Implementation Considerations in the
Token Binding HTTPS specification being added to make it clear that
Token Binding implementations will enable using the Referred Token
Binding ID in this manner. Protected Resource Metadata was also defined.
Thanks to Brian Campbell for clarifications on the differences between
token binding of access tokens issued from the authorization endpoint
versus those issued from the token endpoint.
The specification is available at:
·http://tools.ietf.org/html/draft-ietf-oauth-token-binding-01
An HTML-formatted version is also available at:
·http://self-issued.info/docs/draft-ietf-oauth-token-binding-01.html
-- Mike
P.S. This notice was also posted at http://self-issued.info/?p=1610
<http://self-issued.info/?p=1610> and as @selfissued
<https://twitter.com/selfissued>.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
