Wonderful, thanks Brock!
On Thu, Jan 19, 2023 at 14:55 Brock Allen wrote:
> *This message originated outside your organization.*
>
> --
>
> The current version of Duende IdentityServer supports everything included
> in this proposal, except for the new unmet_authentic
The current version of Duende IdentityServer supports everything included in
this proposal, except for the new unmet_authentication_requirement error which
has been added for v6.3.0 being released this summer.
https://duendesoftware.com/
Thanks.
-Brock
On 12/20/2022 8:15:52 AM, Rifaat Shekh-
On Jan 19, 2023, at 2:50 PM, Mark Nottingham
wrote:
> Ah, interesting. Token has a constraint on the first character -- it must be
> a letter. Is that always the case for a JWT?
A JWT (JWS/JWE in compact serialization) should always start with “ey” due to
the base64url encoding of the JSON
> On 20 Jan 2023, at 3:18 am, Justin Richer wrote:
>
> A JWT cannot be sent as a Byte Sequence because it is not :just: Base64.
> Specifically, a JWT in compact serialization (which is what’s intended here)
> is encoded as three sets of Base64url separated by periods “.”, which are
> outside
Hi Mark, a quick note on one item:
- Section 4.1 defines the DPoP header field as a JWT, which (as I understand
it) is a base64-encoded string. If that's the case, I'd recommend making it a
Structured Field Item (see RFC8941 s 3.3) with a fixed type of Byte Sequence (s
3.3.5). That will require
