[OAUTH-WG] JWT BCP draft adding Nested JWT guidance

2018-03-23 Thread Mike Jones
The JSON Web Token (JWT) Best Current Practices (BCP) specification has been updated to add guidance on how to explicitly type Nested JWTs. Thanks to Brian Campbell for suggesting the addition. The specification is available at:
* https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-01
An

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-05.txt

2018-03-23 Thread Travis Spencer
On Wed, Mar 21, 2018 at 8:34 PM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote:
> The AS MUST take precautions to prevent this threat.
> Based on its risk assessment the AS needs to decide whether
> it can trust the redirect URI or not and should only automatically
> redirect the user agent

Re: [OAUTH-WG] Review of oauth-mtls-07

2018-03-23 Thread Brian Campbell
Thanks for the detailed review, Justin. Replies are inline below...
On Tue, Mar 20, 2018 at 5:52 PM, Justin Richer wrote:
> As promised in yesterday’s meeting, here’s my review of the oauth-mtls
> draft. We’ve recently implemented the spec from the AS and RS side for an
> as-yet-unreleased vers