[OAUTH-WG] JWT: Unsecured JWS for JWS JASON Serialisation

, Buhake Sindi www.sindi.co.za ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Question about RFC 7622 (Token Introspection)

fc7662#section-3> of OAuth 2.0 Bearer Token Usage [RFC6750 <https://tools.ietf.org/html/rfc6750>]. The link of [Section 5.2] and [Section 3] both points to the same link (of RFC 7662) instead of the specified RFC. E.g. There is no Section 5.2 on RFC 7662 but the link points to it. Kind

Re: [OAUTH-WG] Question about RFC 7622 (Token Introspection)

Hi, Are you not mistaking this with RFC 7662? :-) Kind Regards, Buhake Sindi On 15 Jan 2016 12:34, "Sergey Beryozkin" wrote: > Hi All, > > I'm reviewing RFC 7622 as we are going ahead with implementing it. > I have a question: > > 1. Token Hint in the

Re: [OAUTH-WG] Authorization Server

is an existing one yet, probably Spring Framework has? Kind Regards, Buhake Sindi www.sindi.co.za On 17 Jul 2014, at 10:47, Richard Snowden wrote: > Hi there, > > after viewing some tutorials and running some samples code I understood the > client side of OAuth 2.0. &g

[OAUTH-WG] Error in draft-ietf-oauth-v2-http-mac-01

Fx1zeOXM=" In chapter 3.2.1, it states: "using *timestamp 264095:7d8f3e4a*, nonce 7d8f3e4a, and extension string a,b,c is ..." (where timestamp is a concatenation of ts + ":" + nonce). Is this an error or what is the correct way to populate ts (timestamp) for MAC header

Re: [OAUTH-WG] error response for invalid refresh token

Hi invalid_grant > > The provided authorization grant (e.g. authorization code, > resource owner credentials) is invalid, expired, revoked, does > not match the redirection URI used > I would think that the refresh_token is an authorization code that needs refreshing, so this would be valid.

Re: [OAUTH-WG] Quick question about error response for "response_type=unknown"

Oops. Sorry, I believe I should have said, case 2. And why is case 2 impossible? The only time case 1 is valid in the redirect_uri is invalid. Buhake Sindi On 21 February 2012 13:40, Buhake Sindi wrote: > Hi guys, > > OAuth 2, Draft 23, Paragraph 4.1.2.1 clearly states: > >

Re: [OAUTH-WG] Quick question about error response for "response_type=unknown"

and MUST NOT automatically redirect the user-agent to the > invalid redirection URI. > So, Case 1 is the only accepted case here. Buhake Sindi On 21 February 2012 13:34, matake@gmail wrote: > So the answer is "Show the error to the user without redirecting back to > the client",

Re: [OAUTH-WG] FW: New Version Notification for draft-hardjono-oauth-dynreg-01.txt

Hi Thomas, Concerning the above documentation, section 7.4. Your error attributes and example doesn't match. Should I ignore the example shown in the document? Buhake Sindi The Elite Gentleman. On 24 Oct 2011, at 16:31, Thomas Hardjono wrote: > FYI Folks, > > Jus

Re: [OAUTH-WG] Possible alternative resolution to issue 26

Hi everyone, As for encoding, my understanding is that the scope parameter were scope fields provided by the service provider and that scope should match the service provider scope. Fair enough, we could argue that non-UTF-8 characters can't be sent over HTTP response headers, so a better solution