> On 11. Aug 2020, at 23:55, Brian Campbell
> wrote:
>
> Hi Francis,
>
> My apologies for the tardy response to this - I was away for some time on
> holiday. But thank you for the review and feedback on the draft. I've tried
> to respond inline below.
>
>
> On Fri, Jul 31, 2020 at 5:01 P
On Wed, Aug 12, 2020 at 1:03 PM Brian Campbell wrote:
> I'm honestly having a hard time following what you are asking for. But
> there is already the following text in sec 1 that mentions non-repudiation
> via JWT-based request objects and by implication the basic request method
> does not provid
I'm honestly having a hard time following what you are asking for. But
there is already the following text in sec 1 that mentions non-repudiation
via JWT-based request objects and by implication the basic request method
does not provide non-repudiation.
The pushed authorization request endpoint
Hello Brian,
On Tue, Aug 11, 2020 at 5:55 PM Brian Campbell wrote:
> Hi Francis,
>
> My apologies for the tardy response to this - I was away for some time on
> holiday. But thank you for the review and feedback on the draft. I've tried
> to respond inline below.
>
>
> On Fri, Jul 31, 2020 at 5:
Hi Francis,
My apologies for the tardy response to this - I was away for some time on
holiday. But thank you for the review and feedback on the draft. I've tried
to respond inline below.
On Fri, Jul 31, 2020 at 5:01 PM Francis Pouatcha wrote:
> Bellow is the only remark I found from reviewing
Bellow is the only remark I found from reviewing the draft draft:
2.1. Request:
requires the parameters "code_challenge" and "code_challenge_method" but
https://openid.net/specs/openid-financial-api-part-2-ID2.html#confidential-client
mentions
that RFC7636 is not required for confidential client
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Pushed Authorization Requests
Authors : Torsten Lodderstedt
Br
