Re: [OAUTH-WG] Small bug in DPoP 12

2023-01-09 Thread Justin Richer
I agree with Brian’s proposed fix — that is a “target URI” as defined by “HTTP”. The fact that it’s :also: required to be HTTPS is separate.

— Justin

On Jan 9, 2023, at 7:58 AM, Brian Campbell <bcampbell=40pingidentity@dmarc.ietf.org> wrote:

> Thanks Dominick, I believe they should

Re: [OAUTH-WG] Small bug in DPoP 12

2023-01-09 Thread Brian Campbell
Thanks Dominick, I believe they should both use HTTP because that claim and check is about something from HTTP semantics. And the general requirement to use HTTPS is stated elsewhere. I'll update that accordingly as part of IETF last call

[OAUTH-WG] Small bug in DPoP 12

2023-01-08 Thread Dominick Baier
Hi,

While implementing I found

Section 4.2 says

htu: The *HTTP* target URI (Section 7.1 of [RFC9110]), without query and fragment parts, of the request to which the JWT is attached.

While Section 4.3 says

the htu claim matches the *HTTPS* URI value for the HTTP request in which the JWT was re