Re: [OAUTH-WG] Authorization Header Encoding

2021-02-18 Thread Justin Richer
The issue was whether to remove the token68 portion and just use auth-param as part of the syntax, as far as I know. Bearer goes a little off from even the draft spec and admits as much in place. If we can improve the definition in 2.1, or at least make it clearer what’s expected, then I think t

Re: [OAUTH-WG] Token Mediating and session Information Backend For Frontend (TMI BFF)

2021-02-18 Thread Neil Madden
> On 18 Feb 2021, at 12:25, Philippe De Ryck wrote:
>
>> On 18 Feb 2021, at 13:08, Neil Madden wrote:
>>
>> Thanks for following up, Brian. Responses below.
>>
>>> On 17 Feb 2021, at 22:48, Brian Campbell wrote:
>>>
>>> Always appreciate (and often learn from) your insights, Neil. I'd li

[OAUTH-WG] Multi-Subject JWT (aka Nested JWT)

2021-02-18 Thread Rifaat Shekh-Yusef
When I started working on the Nested JWT draft, I had a specific use case in mind (I no longer care about that initial use case). https://www.ietf.org/archive/id/draft-yusef-oauth-nested-jwt-03.txt I then dropped the ball on the Nested JWT draft, but every now and then I get some feedback, mainly

Re: [OAUTH-WG] Token Mediating and session Information Backend For Frontend (TMI BFF)

2021-02-18 Thread Philippe De Ryck
> On 18 Feb 2021, at 13:08, Neil Madden wrote:
>
> Thanks for following up, Brian. Responses below.
>
>> On 17 Feb 2021, at 22:48, Brian Campbell wrote:
>>
>> Always appreciate (and often learn from) your insights, Neil. I'd like to
>> dig into the CSRF

Re: [OAUTH-WG] Token Mediating and session Information Backend For Frontend (TMI BFF)

2021-02-18 Thread Neil Madden
Thanks for following up, Brian. Responses below.

> On 17 Feb 2021, at 22:48, Brian Campbell wrote:
>
> Always appreciate (and often learn from) your insights, Neil. I'd like to dig
> into the CSRF thing a bit more though to understand better and hopefully do
> the right thing in the draft.
>