Hi Jaimandeep,
I disagree with both of your points. See my comments inline.
Best regards,
Karsten
On 12.08.2022 05:40, Jaimandeep Singh wrote:
Hi Mikheil,
1. Well explained by Brain. I will just add my perspective.
>From the practical perspective, if the confidential client got a
refr
Hi Karsten,
Thx a lot for all the time and effort in explaining the things. This brings
up an important discussion point as we are revising OAuth 2.0. Do we need
to make the authorization code a temporary token? Section 1.3.1 of the
draft RFC states:
> An authorization code is a temporary credent
Hi Takahiko,
1. Thx a lot for taking out the time and efforts for the detailed
explanation. I especially liked your real world examples for extracting
client certificates. I now realize that most of the HTTP servers provide a
way for extraction of client certificates. Although, there is a degree o
