- DPoP and Step-Up (hello Brian :)

TL;DR: can we use DPoP and Step-Up together?

The question is probably more about understanding of the process rather than technical details. If I understand correctly, Step-Up is meant to amend/extend RFC 6750. Can we say that the features defined in Step-Up automatically become available for the specs that build on top of 6750, e.g. DPoP? In other words, would the following response be considered valid:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: DPoP algs="ES256 PS256", error="insufficient_user_authentication", error_description="A different authentication level is required", acr_values="myACR"

- DPoP conformance

Is there any "official" conformance suite that could be used to test an AS/RS for DPoP conformance? Would that be the OIDC Conformance Suite (its FAPI2 part)?

Thanks,
Dmitry
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
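
Added example, not part of the original message: a parser for the single WWW-Authenticate challenge quoted above, following the RFC 9110 challenge grammar, showing how a client could read the DPoP `algs` list and the step-up parameters from one header value. The function names and the `client_algs` argument are hypothetical, only one challenge per header value is handled, and the code does not settle whether the combination is valid under the specs.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token "=" ( token / quoted-string ), per the RFC 9110 grammar
_PARAM = re.compile(r'\s*(' + TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|('
                    + TOKEN + r'))\s*(?:,|$)')

# The challenge quoted in the message (header value only)
CHALLENGE = ('DPoP algs="ES256 PS256", error="insufficient_user_authentication", '
             'error_description="A different authentication level is required", '
             'acr_values="myACR"')


def parse_challenge(value):
    """Split one challenge into (scheme, {param: value}); reject malformed input."""
    scheme, _, rest = value.strip().partition(" ")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name = m.group(1).lower()          # parameter names are case-insensitive
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        quoted, bare = m.group(2), m.group(3)
        params[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        pos = m.end()
    return scheme, params


def read_step_up(value, client_algs):
    """Hypothetical client-side reading of a DPoP challenge carrying step-up params.

    Returns None unless the scheme is DPoP and the error is the step-up code.
    """
    scheme, p = parse_challenge(value)
    if scheme.lower() != "dpop" or p.get("error") != "insufficient_user_authentication":
        return None
    offered = p.get("algs", "").split()    # space-delimited JWS algorithm names
    return {
        "acr_values": p.get("acr_values", "").split(),
        "dpop_algs": [a for a in offered if a in client_algs],
    }


if __name__ == "__main__":
    print(read_step_up(CHALLENGE, {"ES256", "EdDSA"}))
```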