Hi all,
For browser-based apps it is basically limitations of the Fetch API that prevent
MTLS binding, as Fetch uses client certificate dialogs and stores. Does it make
sense to suggest browser vendors fix the Fetch API to better support MTLS?
For example if Fetch API allowed setting up a MTLS requ

Hi Vittorio,
Thanks for working on this. I think this will be valuable. I have a couple of
comments.
About the relationship of this draft with token exchange, introspection and
revocation:
Should there be a distinct Token Type Identifier defined for JWT Access Token,
to enable exchange of referen

Hi all,
I support this proposal of recommending authorization code grant and advising
to not use implicit grant.
As a developer we value clean and robust specifications with less opportunity
for mistakes.
Thank you,
Petteri Stenius / Ubisecure
-Original Message-
From: OAuth On Behalf

ds as well.
Relationship with OpenID Connect
In OpenID Connect the userinfo endpoint is very similar to the introspection
endpoint of OAuth. Userinfo supports JWT signing and encryption. Adding JWT
signing and encryption to the introspection endpoint fills the gap between the two
specifica