Re: [OAUTH-WG] JWT Response for OAuth Token Introspection implementations

Thanks Vladimir! On Mon, May 6, 2019 at 2:40 PM Vladimir Dzhuvinov wrote: > Hi Rifaat, > > On 02/05/2019 23:46, Rifaat Shekh-Yusef wrote: > > All, > > > > As part of the shepherd write-up for the *JWT Response for OAuth Token > > Introspection* draft, we are looking for information about > imple

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection implementations

Thanks Filip! On Fri, May 3, 2019 at 3:32 AM Filip Skokan wrote: > Hi Rifaat, > > node.js OSS oidc-provider implements the document in full behind an > optional feature toggle - > https://github.com/panva/node-oidc-provider/blob/master/docs/README.md#featuresjwtintrospection > > Best, > Filip >

[OAUTH-WG] Public key authenticated encryption for JWTs [Was Re: JWT ATs and authenticated encryption]

OK, I have put together a (very) rough first draft here - https://datatracker.ietf.org/doc/draft-madden-jose-ecdh-1pu/ I have an implementation so I will try to find some time to generate some test vectors, but essentially you do ex

Re: [OAUTH-WG] Recommendations for OAuth 2.0 with Browser-Based Apps

On woensdag 8 mei 2019 22:55:47 CEST David Waite wrote: > > How would you tie a refresh token to a user session on the AS? This would > > depend on the user visiting the AS on a regular basis and using a logout > > button when done. Most people simply close their browser when they're > > done, > >

Re: [OAUTH-WG] Token Exchange status and Resource Indicators

(reposting this to the list, due to an error on my part the mail got sent privately) > > > > - Can 'audience' be added to 'Resource Indicators for OAuth 2.0'? > > > > > > No, that's beyond it's current scope. And it is well past last call in > > > the WG. But note that a logical identifier can be