Hi Roman,
The concerns of this document are largely specific to OpenID Connect, and not
vanilla OAuth, but of course many of us in the community overlap and I’m happy
to help provide some feedback here. I’m not familiar with RDAP, so if any of my
concerns are addressed by other aspects of the R
Hello --
While implementing PAR, some questions came up around the request_uri,
expiration, and one-time use semantics.
1: I found this conversation:
https://mailarchive.ietf.org/arch/msg/oauth/Xp5Wyt4N9U6RZZzMd6RctU3koQw/#
[https://mailarchive.ietf.org/arch/msg/oauth/Xp5Wyt4N9U6RZZzMd6RctU3ko
Hi!
I deferred this document to Thursday, October 5 telechat. If anyone has time
to review this document, it would be appreciated.
Roman
-Original Message-
From: Roman Danyliw
Sent: Friday, September 15, 2023 3:29 PM
To: oauth
Subject: Review of draft-ietf-regext-rdap-openid
Hi!
I
>
> the resulting consent dialog from Google is going to say "Apple is
> requesting super admin privileges to your Apple account".
And that's totally fine (also assuming you meant *to your google account*.
But the second provider MUST also have a prompt to the delegation of those
resources. That
