Hannes Tschofenig has requested publication of
draft-ietf-oauth-access-token-jwt-10 as Proposed Standard on behalf of the
OAUTH working group.
Please verify the document's state at
https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/
Hi Guido,
On 08.10.20 at 14:17, Guido Schmitz wrote:
> We just had a discussion in Stuttgart on the possibility of
> misconfigured endpoints, i.e., an honest client uses the wrong endpoints
> for interacting with some honest AS. Such a setting might be the outcome
> of a social engineering attack
Hi Guido
We've also discussed this issue in the FAPI Working Group at the OpenID
Foundation.
We came to the conclusion that we should require the use of either RFC8414
or OpenID Connect Discovery.
I'd be in favour of adding the recommendation to the BCP.
I'm not aware of an attack in the wild in
Hi,
We just had a discussion in Stuttgart on the possibility of
misconfigured endpoints, i.e., an honest client uses the wrong endpoints
for interacting with some honest AS. Such a setting might be the outcome
of a social engineering attack against the administrators of a client
(e.g., the attacke
> On 7. Oct 2020, at 19:45, Seán Kelleher wrote:
>
> Hi all,
>
> Long time lurker, first time poster, glad to be finally getting involved!
>
> In terms of weighing in on the revocation practice, I don't think this
> document needs to address it as JWT ATs don't seem to require special
> han