Re: [OAUTH-WG] Transaction Authorization with OAuth

2019-05-02 Thread Torsten Lodderstedt
Hi Ben, understood! It seems some scheme identifier would be helpful. thanks, Torsten. > Am 03.05.2019 um 03:12 schrieb Benjamin Kaduk : > >> On Tue, Apr 30, 2019 at 12:08:32PM +0200, Torsten Lodderstedt wrote: >> >> Am 28.04.2019 um 06:08 schrieb Benjamin Kaduk : On Wed, Apr

Re: [OAUTH-WG] MTLS and Native apps Best practices

2019-05-02 Thread Torsten Lodderstedt
Hi Phil, since mTLS is used at the tokens endpoint, native apps can definitely use their own key pair. I would asunder such an app to act as public client, but mTLS would allow such an app to bind its key pair with the token request to the issued tokens. Apps running in the browser is a separ

[OAUTH-WG] Link relations for authenticating

2019-05-02 Thread Evert Pot
Hi everyone! I've been running into a number of situations where it would have been beneficial to have a few protocol/media-type agnostic link relation types for user authentication purposes. https://tools.ietf.org/html/draft-pot-authentication-link Nothing here is coupled to OAuth, but the lin

Re: [OAUTH-WG] Transaction Authorization with OAuth

2019-05-02 Thread Benjamin Kaduk
On Tue, Apr 30, 2019 at 12:08:32PM +0200, Torsten Lodderstedt wrote: > > > > Am 28.04.2019 um 06:08 schrieb Benjamin Kaduk : > > > >> On Wed, Apr 24, 2019 at 07:08:25PM +0200, Torsten Lodderstedt wrote: > >> Hi Sascha, > >> > >> I see. I assume every element within the structured scope element

[OAUTH-WG] JWT Response for OAuth Token Introspection implementations

2019-05-02 Thread Rifaat Shekh-Yusef
All, As part of the shepherd write-up for the *JWT Response for OAuth Token Introspection* draft, we are looking for information about implementations for this document: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/ Are you aware of any implementations? Regards,

[OAUTH-WG] AD follow-up on draft-ietf-oauth-jwsreq-17

2019-05-02 Thread Roman Danyliw
Hi! Draft-ietf-oauth-jwsreq-17 is currently in "Approved-announcement to be sent::Revised I-D Needed". I reviewed the Feb-2017 ballot and see that everything appears to have been addressed but: ** Mirja: "Should this document maybe update rfc6749?" -- I saw no response on this item. What is

[OAUTH-WG] MTLS and Native apps Best practices

2019-05-02 Thread Phil Hunt
I was wondering if anyone had any recommended MTLS best practices for mobile apps and native browsers. Considering Section 6 of RFC8252… After constructing the authorization request URI, the app uses platform-specific APIs to open the URI in an external user-agent. Typically, the externa