Yes, this is my intent - adding a new client assertion (currently the name I am thinking of is jwt-otp-assertion). The blog post was on how to do that by using existing OAuth/OpenID flows.
On Thu, Feb 15, 2018 at 4:37 PM, Vladimir Dzhuvinov <vladi...@connect2id.com> wrote:

> Hi Omer and welcome to the OAuth WG,
>
> On 14/02/18 22:48, Omer Levi Hevroni wrote:
> > Hello
> > My name is Omer, and I am working at Soluto. We wanted to find a way to
> > authenticate our mobile application, without any user interaction - as this
> > will affect the user experience. We developed a new authentication flow,
> > similar to JWT client assertion. I've given a talk about this flow in a few
> > conferences, and the main feedback was that it is interesting enough to
> > consider writing an RFC about it.
> > Currently I'm looking to hear more opinions before starting to write the RFC -
> > so any feedback will be appreciated. I'm also looking for someone to help
> > me get started and review the RFC - if you're interested let me know.
> > To find more about this solution:
> > - This is a blog post describing it:
> >   https://blog.solutotlv.com/userless-mobile-authentication/
> > - This is a link to the slides (recording should be available soon):
> >   https://www.slideshare.net/SolutoTLV/authentication-without-authentication-appsec-california
>
> Looks like a neat protocol to maintain a continuous auth session between
> client and AS.
>
> Did you take a look at https://tools.ietf.org/html/rfc7523#section-2.1 ?
>
> This may be more suitable to pass the JWT, rather than tunneling it via
> the password grant.
>
> Vladimir
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
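The RFC 7523 section 2.1 request mentioned in the quoted reply, as an added example that is not part of the thread or of Soluto's implementation: the client sends a signed JWT as the `assertion` of a `jwt-bearer` grant, and the authorization server applies the section 3 checks before issuing a token. The HS256 shared key, the device identifier, the audience URL and the function names are constructed assumptions for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523 section 2.1

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Compact HS256 JWT (assumed MAC key; a device key pair would use RS256/ES256)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def token_request_body(jwt: str) -> str:
    """Form body the client POSTs to the token endpoint; no password grant involved."""
    return urlencode({"grant_type": JWT_BEARER, "assertion": jwt})

def validate_grant(form_body: str, key: bytes, audience: str, now: float) -> dict:
    """AS-side checks from RFC 7523 section 3; raises ValueError(<OAuth error code>)."""
    form = parse_qs(form_body)
    if form.get("grant_type") != [JWT_BEARER]:
        raise ValueError("unsupported_grant_type")
    if len(form.get("assertion", [])) != 1:  # exactly one JWT is allowed
        raise ValueError("invalid_request")
    try:
        head, body, sig = form["assertion"][0].split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":  # pin the algorithm
            raise ValueError
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError
        claims = json.loads(_unb64(body))
        aud = claims.get("aud")
        ok = (claims.get("iss") and claims.get("sub") and claims["exp"] > now
              and audience in (aud if isinstance(aud, list) else [aud]))
    except (ValueError, KeyError, TypeError, AttributeError):
        raise ValueError("invalid_grant") from None
    if not ok:  # missing iss/sub, expired, or issued for a different audience
        raise ValueError("invalid_grant")
    return claims

if __name__ == "__main__":  # constructed sample values
    key, aud = b"constructed-demo-key", "https://as.example.test/token"
    c = {"iss": "device-123", "sub": "device-123", "aud": aud, "exp": time.time() + 300}
    print(validate_grant(token_request_body(sign_jwt(c, key)), key, aud, time.time()))
```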