Re: [OAUTH-WG] Transaction Authorization with OAuth

2019-05-16 Thread Torsten Lodderstedt
> On 10.05.2019 at 22:27, George Fletcher wrote:
>
> One thing to keep in mind with the "Push Request Object" model and the concept of a more detailed scope structure, if the specified values are not for a single transaction, then the AS will be required to keep the "Pushed Request Ob

Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

2019-05-16 Thread Phil Hunt
We looked at giving clients a public client id they could use to perform an authorize with scope “dcr” to get an AT to be used as an IAT. While it works it seems like overkill. The main risk with the DCR endpoint is generating too many IDs ... a DoS issue primarily since having an ID is not au

[OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-18.txt

2019-05-16 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) Authors : Nat Saki

Re: [OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol

2019-05-16 Thread Sahler, Frank
Hi Justin, background of my query is that we want to offer in our company the possibility of dynamic client registration. Unfortunately, the topic initial access token - how do I get it and how exactly it is constructed - is not exactly specified - it is out of scope. That is the reason why I sea