Good stuff Mike Having an explicit error message for "unsupported_alg" might be useful for this spec. I doubt all implementations will implement all the algs in the JWT spec.
-cmort On 3/16/11 9:57 AM, "Mike Jones" <[email protected]> wrote: I've just published an OAuth JWT Bearer Token Profile <http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html> . It defines a means of using a JSON Web Token (JWT) bearer token to request an OAuth 2.0 access token. This profile is intentionally strongly based upon the SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 <http://www.ietf.org/id/draft-ietf-oauth-saml2-bearer-03.txt> by Brian Campbell and Chuck Mortimore; it borrows some text from the SAML profile with their permission. Thanks Brian and Chuck, for supporting the writing of this profile and for your reviews of preliminary drafts. The profile draft is available at these locations: http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.html http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.txt http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-00.xml http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html (will point to new versions as they are posted) http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.txt (will point to new versions as they are posted) http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.xml (will point to new versions as they are posted) http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, txt, and html versions available) I will also submit this as a formal Internet draft after the IETF tool re-opens for submissions (on March 28th). -- Mike
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
