Below is the only remark I found from reviewing the draft:

2.1. Request:

- requires the parameters "code_challenge" and "code_challenge_method" but https://openid.net/specs/openid-financial-api-part-2-ID2.html#confidential-client mentions that RFC7636 is not required for confidential clients. I guess those two parameters have to be taken off the mandatory list and pushed to the list below.
- Using jwsreq, non-repudiation is provided as the request is signed (jws). This section also mentions that the request can be sent as form url encoded (x-www-form-urlencoded). In this case, there is no way to provide non-repudiation unless we mention that the request can be signed by the client using signature methods declared by the AS (AS metadata).

Best regards
/Francis

On Fri, Jul 31, 2020 at 9:12 AM <internet-dra...@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : OAuth 2.0 Pushed Authorization Requests
>         Authors         : Torsten Lodderstedt
>                           Brian Campbell
>                           Nat Sakimura
>                           Dave Tonge
>                           Filip Skokan
>         Filename        : draft-ietf-oauth-par-03.txt
>         Pages           : 19
>         Date            : 2020-07-31
>
> Abstract:
>    This document defines the pushed authorization request endpoint,
>    which allows clients to push the payload of an OAuth 2.0
>    authorization request to the authorization server via a direct
>    request and provides them with a request URI that is used as
>    reference to the data in a subsequent authorization request.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-par/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-par-03
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-par-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-par-03
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--
Francis Pouatcha
Co-Founder and Technical Lead
adorsys GmbH & Co. KG
https://adorsys-platform.de/solutions/