A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Security Best Current Practice
Authors : Torsten Lodderstedt
J
The below issue was raised in an OIDF WG about the so-called CIBA draft,
which has a number of significant similarities to the Device Flow,
including the expires_in and interval response parameters noted in the
issue. So *maybe* something to consider for the OAuth 2.0 Device Flow for
Browserless an
On the assumption that this is likely to be a requirement from customers, I’d
be in favour of a new server metadata field. My favourite bikeshed colour would
be:
tls_client_auth_token_endpoint
On another metadata-related note, given that the additional security of
certificate-bound access toke
Hi all,
the new revision incorporates the outcome of the consensus call on implicit
grant (and the like). It also has more text on Refresh Token expiration and
implementation of Refresh Token replay detection via Refresh Token rotation.
Thanks a lot for all the valuable feedback.
kind regard
I spent some time this holiday season futzing around with a few different
browsers to see what kind of UI, if any, they present to the user when
seeing different variations of the server requesting a client certificate
during the handshake.
In a non-exhaustive and unscientific look at the browsers
Hi
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth