On Tue, Mar 10, 2020 at 10:21 AM Mike Jones wrote:
> I haven’t thought about PAR but would welcome thoughts. In general, I
> assume that the “htu” value should be the actual endpoint used. What do
> others think?
>
Yeah, in general, the “htu” and "htm" values should probably be related to
the
I haven’t thought about PAR but would welcome thoughts. In general, I assume
that the “htu” value should be the actual endpoint used. What do others think?
Yes, I agree that the DPoP parameters on the front channel should only apply to
the front-channel access token, whereas if you’re using a
Answering Rifaat’s question, per Brian’s comment
https://github.com/danielfett/draft-dpop/issues/37#issuecomment-534192398, at
IETF 105 there was consensus to at least initially do this work in a separate
draft.
-- Mike
From: Aaron Parecki
