Hi Rifaat,
one detail. The tech summary says
An extension to the OAuth 2.0 Authorization Framework defining request
parameters that enable a client to explicitly signal to an authorization server
about the *location* of the protected resource(s) to which it is requesting
access.
But at least in t
Hi Vittorio,
The text you quoted is copied form the abstract of the draft itself.
*Authors,*
Should the draft be updated to cover the logical identifier case?
Regards,
Rifaat
On Thu, Jan 17, 2019 at 8:19 AM Vittorio Bertocci
wrote:
> Hi Rifaat,
> one detail. The tech summary says
>
> An e
We have discussed this.
Audiences can certainly be logical identifiers.
This however is a more specific location. The AS is free to map the
location into some abstract audience in the AT.
From a security point of view once the client starts asking for logical
resources it can be tricked int
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Device Flow for Browserless and Input
Constrained Devices
Authors : William Denniss
