Re: [OAUTH-WG] First Draft of OAuth 2.1

2020-03-11 Thread Schanzenbach, Martin
Hi, I just read the document and have minor feedback: Under "2.3 Client Authentication" you mention mTLS (RFC8705) and reference OpenID. I am kind of missing RFC7523 here (JWT client authentication). Also, the OpenID link is broken. Best Martin > On 12. Mar 2020, at 01:28, Aaron Parecki wrot

[OAUTH-WG] First Draft of OAuth 2.1

2020-03-11 Thread Aaron Parecki
I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft. https://tools.ietf.org/html/draft-parecki-oauth-v2-1-01 A summary of the differences between this draft and OAu

Re: [OAUTH-WG] [EXTERNAL] Re: OAuth 2.0 DPoP for the Implicit Flow

2020-03-11 Thread Brian Campbell
On Tue, Mar 10, 2020 at 10:21 AM Mike Jones wrote: > I haven’t thought about PAR but would welcome thoughts. In general, I > assume that the “htu” value should be the actual endpoint used. What do > others think? > Yeah, in general, the “htu” and "htm" values should probably be related to the

Re: [OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

2020-03-11 Thread Torsten Lodderstedt
Hi Andrii, > On 10. Mar 2020, at 22:11, Andrii Deinega wrote: > > Justin, > > Aren’t these things considered valid concerns? > > The introspection endpoint allows introspecting a refresh token for > its consumers whether they are clients or RSs assuming they were > successfully authenticate