Re: [OAUTH-WG] DPoP followup I: freshness and coverage of signature

On Sat, Dec 12, 2020 at 1:22 AM Vladimir Dzhuvinov wrote: > If the current DPoP has code complexity "X", the relative additional > complexity to include access token hashes doesn't seem like very much. An > app choosing DPoP means accepting the code complexity that comes with > dealing with keys,

Re: [OAUTH-WG] PAR error for redirect URI?

👍 > Am 14.12.2020 um 17:39 schrieb Brian Campbell > : > >  > And that's done: > https://mailarchive.ietf.org/arch/msg/oauth/W0eq4HUiiLVS5F5qyXXY6Gdw7vs/ > >> On Mon, Dec 14, 2020 at 8:42 AM Torsten Lodderstedt >> wrote: >> +1 for following Vladimir’s proposal >> >> > Am 14.12.2020 um 14:54

Re: [OAUTH-WG] PAR error for redirect URI?

And that's done: https://mailarchive.ietf.org/arch/msg/oauth/W0eq4HUiiLVS5F5qyXXY6Gdw7vs/ On Mon, Dec 14, 2020 at 8:42 AM Torsten Lodderstedt wrote: > +1 for following Vladimir’s proposal > > > Am 14.12.2020 um 14:54 schrieb Brian Campbell 40pingidentity@dmarc.ietf.org>: > > > > er, I mean

[OAUTH-WG] I-D Action: draft-ietf-oauth-par-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Pushed Authorization Requests Authors : Torsten Lodderstedt Br

Re: [OAUTH-WG] PAR error for redirect URI?

+1 for following Vladimir’s proposal > Am 14.12.2020 um 14:54 schrieb Brian Campbell > : > > er, I mean an -05 > > On Mon, Dec 14, 2020 at 6:45 AM Brian Campbell > wrote: > Thanks Vladimir, that seems quite reasonable. Barring any objections, I'll > add that to a -04. > > On Mon, Dec 14,

Re: [OAUTH-WG] PAR error for redirect URI?

er, I mean an -05 On Mon, Dec 14, 2020 at 6:45 AM Brian Campbell wrote: > Thanks Vladimir, that seems quite reasonable. Barring any objections, I'll > add that to a -04. > > On Mon, Dec 14, 2020 at 1:33 AM Vladimir Dzhuvinov < > vladi...@connect2id.com> wrote: > >> Hi Brian, >> >> I'd like to pr

Re: [OAUTH-WG] PAR error for redirect URI?

I agree with the proposed text On Mon, 14 Dec 2020 at 14:46, Brian Campbell wrote: > Thanks Vladimir, that seems quite reasonable. Barring any objections, I'll > add that to a -04. > > On Mon, Dec 14, 2020 at 1:33 AM Vladimir Dzhuvinov < > vladi...@connect2id.com> wrote: > >> Hi Brian, >> >> I'd

Re: [OAUTH-WG] PAR error for redirect URI?

Thanks Vladimir, that seems quite reasonable. Barring any objections, I'll add that to a -04. On Mon, Dec 14, 2020 at 1:33 AM Vladimir Dzhuvinov wrote: > Hi Brian, > > I'd like to propose the sentence in bold to be inserted into the current > section 2.3 of PAR -04: > > https://tools.ietf.org/ht

Re: [OAUTH-WG] Call for Adoption - AS Issuer Identifier in Authorization Response

+1 ——— Dominick Baier On 8. December 2020 at 13:51:04, Rifaat Shekh-Yusef (rifaat.s.i...@gmail.com) wrote: All, This is a call for adoption for the following AS Issuer Identifier in Authorization Response as a WG document: https://datatracker.ietf.org/doc/draft-meyerzuselhausen-oauth-iss-auth-r

Re: [OAUTH-WG] PAR error for redirect URI?

Hi Brian, I'd like to propose the sentence in bold to be inserted into the current section 2.3 of PAR -04: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-2.3 The authorization server returns an error response with the same format as is specified for error responses from the token en