[OAUTH-WG] Oauth 2.0 Installation

Respected Sir/Madam, I am Swathi, trying to work on a project to connect with online e portals through a PHP application. I am trying to see Oauth 2.0 pitch in my use case as I need to connect to multiple portals from my web application. In this regard could you please guide me on how to install

Re: [OAUTH-WG] Use of Token Exchange spec for API Federation

btw can any of the Microsoft folks on the list give any indication if IE has plans to do something similar to custom tabs / safari view controller for windows devices? Maybe it's not something you can comment on, but at least let it be know the interest is out here :-) On Wed, Jul 15, 2015 at 8:3

[OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Hi, I am looking at the spec https://datatracker.ietf.org/doc/rfc7520/?include_text=1 for combining JWS and JWE use case, I could not find it obvious that a JSON document should be signed first and then encrypt or other way around.Are there any recommendations one over the other? Thanks for help.

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

https://tools.ietf.org/html/rfc7519#section-11.2 It is in the JWT spec. You can do it both ways however you really need a good reason not to sign then encrypt, and then after you have a good reason you should still sign then encrypt because y

Re: [OAUTH-WG] Nesting Signatures and Encryption JWT Tokens

Hi Malla, Just to add one more thing: If you just want to "sign" for the sake of integrity protection, you really do not need to do it as all the algs in JWE are integrity protected. -- Nat Sakimura < n-sakim...@nri.co.jp> Nomura Research Institute, Ltd.