Re: [OAUTH-WG] Transaction tokens draft-ietf-oauth-transaction-tokens-01 - my comments

Hi Yaron, Thank you so much for this feedback. I've created issues for many of the items in your email, and a PR for the minor text fixes you identified. Atul On Sun, Mar

Re: [OAUTH-WG] OAuth for Browser-Based Apps

I think it does warrant mentioning, because the main assumptions about an spa are that everything goes from the browser to the api itself. It might be surprising to a user or even a naive developer that every request goes through another party as a black box. Even if it's all first party abd dep

Re: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

Thank you very much for your feedback. We will continue to work on it. -Jiangcheng At 2024-03-23 18:09:34, "Warren Parad" wrote: Some thoughts in no particular order, but mostly I'm with Justin: The exact data properties of the json probably don't belong in this RFC, but rather c