A few things caught my eye in this document:
- Section 4.1 defines the DPoP header field as a JWT, which (as I understand
it) is a base64-encoded string. If that's the case, I'd recommend making it a
Structured Field Item (see RFC8941 s 3.3) with a fixed type of Byte Sequence (s
3.3.5). That wi

Dear Mark Nottingham and Roy Fielding (cc: oauth WG),
As the designated experts for the http-fields registry, can you review the
proposed registration in draft-ietf-oauth-dpop for us? Please see:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
The due date is February 1st, 2023.
If thi

In https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07 section
5.2.3 (The WWW-Authenticate Response Header Field):
   All challenges for this token type MUST use the auth-scheme value
   Bearer. This scheme MUST be followed by one or more auth-param
   values.
Why is at least one au