(1)
The requirement in the paragraph below excerpted from "3. Requesting a JWT
Access Token":
*If it receives a request for an access token containing more than one
resource parameter, an authorization server issuing JWT access tokens MUST
reject the request and fail with "invalid_request" as desc
Hi all,
Allow me some comments and forgive me if some of them are naïve.
- In Section 2.2 why nbf claim
(https://tools.ietf.org/html/rfc7519#section-4.1.5) is not considered? I can
imagine some interesting applications of this claim.
- In the same section, it is not clear why some claims are
Support the adoption of DPoP.
BR,
Bjorn
On Tue, Mar 17, 2020 at 5:21 AM Rifaat Shekh-Yusef
wrote:
> All,
>
> As per the conclusion of the PoP interim meeting, this is a call for
> adoption for the *OAuth 2.0 Demonstration of Proof-of-Possession at the
> Application Layer (DPoP)* document:
> ht
Hi all,
this is a working group last call for "JSON Web Token (JWT) Profile for OAuth
2.0 Access Tokens".
Here is the document:
https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-04
Please send you comments to the OAuth mailing list by April 6, 2020.
Ciao
Hannes & Rifaat
IMPORTANT NO
+1
On 3/23/20 1:57 PM, Vittorio Bertocci wrote:
+1
On Tue, Mar 17, 2020 at 8:16 AM Mike Jones wrote:
I am for adoption of DPoP.
-- Mike
*From:* OAuth *On Behalf Of * Rifaat Shekh-Yusef
*Sent:* Tuesday, March 17, 2020 5:21 AM
*To:
+1
On Tue, Mar 17, 2020 at 8:16 AM Mike Jones wrote:
> I am for adoption of DPoP.
>
>
>
>-- Mike
>
>
>
> *From:* OAuth *On Behalf Of * Rifaat Shekh-Yusef
> *Sent:* Tuesday, March 17, 2020 5:21 AM
> *To:* oauth
> *Subject:* [OAUTH-WG] Call
