Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread John Bradley
We could switch the order to say “JWT request to the Authorization Endpoint”, but that is a bit long.
John B.
> On Oct 9, 2015, at 12:23 PM, Nat Sakimura wrote:
>
> The reason for saying authorization request is that there are two types of
> requests in RFC6749; authorization request and tok

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Jim Manico
But it's all authorization, even the token request
--
Jim Manico
@Manicode
Secure Coding Education
+1 (808) 652-3805
> On Oct 9, 2015, at 5:23 PM, Nat Sakimura wrote:
>
> The reason for saying authorization request is that there are two types of
> requests in RFC6749; authorization request

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Nat Sakimura
The reason for saying authorization request is that there are two types of requests in RFC6749; authorization request and token request. This draft deals with the former and thus named JAR.
Nat
On Friday, October 9, 2015, Jim Manico wrote:
> The word authorization is implied by OAuth, consider "OAuth 2.0 JW

Re: [OAUTH-WG] https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05

2015-10-09 Thread Nat Sakimura
Actually, I believe that came from the restrictions on some of the wap browsers. Now they are practically gone, it should be ok to remove the restriction. Remember that the draft actually started back in 2007 :-)
On Friday, October 9, 2015, wrote:
> Nat,
>
> Could you please add reasons on why the 512 in th

[OAUTH-WG] https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05

2015-10-09 Thread Axel.Nennker
Nat,
Could you please add reasons on why the 512 in this sentence "The entire Request URI MUST NOT exceed 512 ASCII characters"?
It is in this section https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05#section-4.2
I assume it is hard to justify exactly this number and given that, I

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Axel.Nennker
https://tools.ietf.org/html/rfc6749#section-4.1.1
Authorization Request is explicit too. Naming could be about the why or the what. JAR is in the what-is-is category. “Signed and Encrypted Authorization Request” would be more in the why category. I think JAR is not bad.
-A
From: OAuth [mailto: