Duende.IdentityServer <https://docs.duendesoftware.com/identityserver/>,
the .NET framework for building OAuth and OIDC token servers, supports
optional strict validation of the audience header
<https://docs.duendesoftware.com/identityserver/tokens/client-authentication/#strict-audience-validation>
(optional for backward compatibility).

We've also updated our guidance and sample code
<https://github.com/DuendeSoftware/foss/blame/1c74e3d25062e0b525b8d037b8ae5e3ea84c1de3/access-token-management/samples/WebJarJwt/ClientAssertionService.cs#L50-L53>
for our open source client libraries, such as Duende.AccessTokenManagement,
discouraging the use of the token endpoint as the audience.

Cheers,
Joe DeCock

On Tue, Feb 24, 2026 at 1:44 PM Rune Andreas Grimstad <[email protected]> wrote:

> The HelseID ecosystem follows these recommendations, except the ones
> regarding SAML since it is not a supported protocol. We also
> offer client libraries for .NET and Java that follow them.
>
>
> ------------------------------
> *From:* Rifaat Shekh-Yusef <[email protected]>
> *Sent:* Tuesday, February 24, 2026 8:06 PM
> *To:* oauth <[email protected]>
> *Subject:* [OAUTH-WG] Updates to JWT Client Authentication and
> Assertion-Based Authorization Grants - Shepherd Write-up - Implementations
>
> All,
>
> As part of the shepherd write-up for the *Updates to OAuth 2.0 JSON Web
> Token (JWT) Client Authentication and Assertion-Based Authorization Grants*
> document, we are looking for information about implementations of this
> draft to support its publication.
> https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc7523bis/
>
> Please, reply to this email, on the mailing list, with any implementations
> that you are aware of to support this document.
>
> Regards,
> Rifaat
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>