Hi all,
Based on some of the discussions from our virtual interim meeting and the
OAuth Security Workshop, I published a (minor) update to the browser app
BCP.
https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-07
The primary changes are:
* Revised the language around PKCE/Implicit
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 for Browser-Based Apps
Authors : Aaron Parecki
David Waite

Hi WG,
https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-10 provides
the following about JWT access tokens
“resource servers can consume them directly for authorization or other
purposes without any further round trips to introspection ( [RFC7662]) or
userinfo [OpenID.Core]) endpoints.”

Hi Torsten!
Sorry for my tardy response. Yes, the proposed edits and explanations address
my concerns.
Roman
> -Original Message-
> From: Torsten Lodderstedt
> Sent: Wednesday, August 26, 2020 8:26 AM
> To: Roman Danyliw
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] AD Review of dra