[OAUTH-WG] Re: OAuth 2.1 ideas

For refresh_token_expires_in, the argument seems to hinge on the idea that "client can't do anything useful with the knowledge of the refresh token expiration time". But that isn't the case, as we have received several requests from clients to expose this information so that the client can remind t

[OAUTH-WG] Re: OAuth 2.1 ideas

For the 3.2.3 Token Response, I believe it is quite clear why that should be rejected via this great response from Aaron: https://github.com/oauth-wg/oauth-v2-1/issues/187#issuecomment-2350781735 For 3.2.4 access_denied, I believe the current solution is a 401 or 403 status code, isn't it? Adding

[OAUTH-WG] OAuth 2.1 ideas

Hi all, I am new to IETF so apologies if I'm not doing this correctly. I had a few suggestions for things to add to the 2.1 spec based on scenarios encountered from running a large authorization server. Let me know your thoughts or if I should be using a different channel (like github) to contribu

[OAUTH-WG] Re: -15 of SD-JWT

+1 on advancing the draft. CONFIDENTIAL -Original Message- From: Watson Ladd Sent: Wednesday, January 29, 2025 12:09 PM To: Brian Campbell Cc: oauth ; oauth-cha...@ietf.org Subject: [OAUTH-WG] Re: -15 of SD-JWT EXTERNAL EMAIL After discussion with the authors we've agreed that editori

[OAUTH-WG] Re: -15 of SD-JWT

After discussion with the authors we've agreed that editorial improvements, including to the security considerations section, can happen later in the process, and that it shouldn't prevent advancing the draft. On Thu, Jan 16, 2025 at 7:25 PM Watson Ladd wrote: > > Brian, > > I'm glad we've finall

[OAUTH-WG] Re: -15 of SD-JWT

+1 Paul Likewise believe this is ready to progress On Wed, Jan 29, 2025, 12:04 Paul Bastian wrote: > I agree that the draft is ready to progress. I also agree with Brian that > the privacy considerations are good enough and have been for several months > already and are beyond what the average I

[OAUTH-WG] Re: -15 of SD-JWT

I agree that the draft is ready to progress. I also agree with Brian that the privacy considerations are good enough and have been for several months already and are beyond what the average IETF Draft is providing. On 29.01.25 16:48, Brent Zundel wrote: fwiw, I also believe the draft is ready

[OAUTH-WG] Re: -15 of SD-JWT

fwiw, I also believe the draft is ready to progress. On Wed, Jan 22, 2025 at 2:17 PM Brian Campbell wrote: > Watson, > > I think perhaps there's a misalignment of goals here. > > My perspective is that the privacy considerations are good enough (and > have been for several months now) for the dr