Re: [OAUTH-WG] Fwd: New Version Notification for draft-sakimura-oauth-meta-07.txt

2016-02-16 Thread Nat Sakimura
Link relation is not at all XML. It is a step forward to RESTfulness. In the older version of the draft, I was using a JSONized version of it as well, but I split it out for the sake of brevity. It is all about dynamic metadata about the response. Once we do it with RFC5988, we could easily create

Re: [OAUTH-WG] Fwd: New Version Notification for draft-sakimura-oauth-meta-07.txt

2016-02-16 Thread Anthony Nadalin
I really think that this is a step backwards relative to technology and what the developers would accept. The Link Relations take us back to the XML days; I thought we had all moved on from that and were at least trying to move OAuth to JSON. I think if this were adopted we might be splitting the d

Re: [OAUTH-WG] Authentication Method Reference Values: Call for Adoption Finalized

2016-02-16 Thread Jim Manico
Phil, There are four standard session ending controls. 1) Logout 2) Idle session timeout 3) Absolute timeout 4) Forced re-authentication I think these are still important and tend to not get full attention from the OAuth/OIDC crowd. :) But the OAuth 2 standard in particular is a framework - n

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-16 Thread Thomas Broyer
FWIW, French govt's FranceConnect, which uses OpenID Connect, has sample apps using web views, and not using PKCE :-( (haven't looked in more detail; don't know whether their AS supports PKCE). I just implemented PKCE in Ozwillo 10 days ago after reading this doc. I still have some work to do to p