On Thu, Apr 23, 2020 at 04:52:49PM +, Mike Jones wrote:
>
> I’d personally point out these non-compliant behaviors to the vendors and ask
> them to fix them. Their non-compliance makes it harder for clients to
> interoperate with them, hurting both. Name names, if that’s what it takes.
My
Behalf Of Neil Madden
Sent: Thursday, April 23, 2020 2:30 AM
To: Vladimir Dzhuvinov
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth GREASE
If a client sends a handful of random additional parameters on authorization
requests, a compliant AS will already ignore them, so there should be no
additional burden on the AS.
However, the ship may already have sailed on the specific issue of request
parameters, as there are major deployed s
I get your frustration with PKCE. It would be a bad policy and example
to burden compliant ASes with additional stuff just because a few AS
implementations are not complying with the spec. It's not fair and can
end up creating all sorts of bad incentives in future.
Vladimir
On 22/04/2020 10:29, N