Hi,
I am looking at the spec
https://datatracker.ietf.org/doc/rfc7520/?include_text=1 for combining JWS
and JWE use case, I could not find it obvious that a JSON document should
be signed first and then encrypt or other way around.Are there any
recommendations one over the other?
Thanks for help.
Hi,
We have an OAuth token revocation specification to revoke consents from an
external/relying party with a given token. I am wondering if there's a
specification around retrieving granted scopes using a given token for
external relying party.
thanks
Malla
___
Hello All,
Hope you are all doing great. We have been thinking of creating a proposal
for a new OAuth2 authorization grant based on the FIDO credentials, please
let us know your thoughts so that we can put together a draft proposal.
/**
Abstract: FIDO Profile for OAuth2.0 Authorization Gran
