The only problem with that is the client may only require it for some types of clients (public) or response types.
It may need to be finer grained than that, or define it as required for all public clients using the token endpoint.

John B.

> On Jan 29, 2016, at 10:15 AM, Nat Sakimura <[email protected]> wrote:
>
> Good question.
>
> It's probably a good idea to be able to advertise this policy in the
> discovery.
>
> Perhaps in the line of
>
> pkce_required or rfc7636_required?
> The value should be Boolean.
>
> Nat from iPhone
>
>
> On Fri, 29 Jan 2016, 21:23, Vladimir Dzhuvinov <[email protected]>:
> Thanks Mike, the updated spec looks good!
>
> I have a question related to PKCE:
>
> The PKCE spec seems to imply that an AS may require public clients to use a
> code challenge:
>
> https://tools.ietf.org/html/rfc7636#section-4.4.1
>
> If an AS has such a policy in place, how is this to be advertised? Or is that
> supposed to be enforced when the client gets registered (there are no reg
> params for that at present)?
>
>
> On 28/01/16 19:27, Mike Jones wrote:
>> The OAuth Discovery specification has been updated to add metadata values
>> for revocation <http://tools.ietf.org/html/rfc7009>,
>> introspection <http://tools.ietf.org/html/rfc7662>, and
>> PKCE <http://tools.ietf.org/html/rfc7636>. Changes were:
>>
>> * Added "revocation_endpoint_auth_methods_supported" and
>> "revocation_endpoint_auth_signing_alg_values_supported" for the revocation
>> endpoint.
>>
>> * Added "introspection_endpoint_auth_methods_supported" and
>> "introspection_endpoint_auth_signing_alg_values_supported" for the
>> introspection endpoint.
>>
>> * Added "code_challenge_methods_supported" for PKCE.
>>
>> The specification is available at:
>>
>> * http://tools.ietf.org/html/draft-jones-oauth-discovery-01
>>
>> An HTML-formatted version is also available at:
>>
>> * http://self-issued.info/docs/draft-jones-oauth-discovery-01.html
>>
>> -- Mike
>>
>> P.S. This note was also published at http://self-issued.info/?p=1531 and as
>> @selfissued <https://twitter.com/selfissued>.
>>
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Vladimir Dzhuvinov
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
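The thread above asks how an AS advertises "PKCE required for public clients" and how a client acts on "code_challenge_methods_supported" from draft-jones-oauth-discovery-01. The following is an added example, written for this page and not code from the thread, the draft, or any of its authors. It assumes a hypothetical boolean metadata key "pkce_required" (the name Nat proposes above; it is not defined in the draft), constructs a sample discovery document inline, and shows both sides: the client deriving its PKCE behaviour from the metadata (RFC 7636 sections 4.1 and 4.2), and the AS applying the section 4.4.1 authorization-endpoint policy and the section 4.6 token-endpoint verifier check. Function names, the sample issuer and the client identifiers are all assumptions.

```python
import base64
import hashlib
import json
import secrets
from typing import Optional, Tuple

# Constructed sample AS metadata in the shape of draft-jones-oauth-discovery-01.
# "pkce_required" is NOT a defined metadata value; it is the boolean proposed in
# the thread, included here as an assumption to show how a client would consume it.
SAMPLE_AS_METADATA = json.dumps({
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "code_challenge_methods_supported": ["S256", "plain"],
    "pkce_required": True,
})


def base64url(data: bytes) -> str:
    """RFC 7636 Appendix A: base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """RFC 7636 section 4.1: 32 random octets -> 43 unreserved characters."""
    return base64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str, method: str) -> str:
    """RFC 7636 section 4.2: 'plain' or 'S256' transform of the verifier."""
    if method == "S256":
        return base64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method: {method}")


def choose_challenge_method(metadata: dict) -> Optional[str]:
    """Client policy from discovery metadata: prefer S256, fall back to plain,
    omit PKCE only if nothing is advertised and the (hypothetical) pkce_required
    flag is absent or false."""
    supported = metadata.get("code_challenge_methods_supported", [])
    required = bool(metadata.get("pkce_required", False))  # hypothetical key
    if "S256" in supported:
        return "S256"
    if "plain" in supported:
        return "plain"
    if required:
        raise RuntimeError("AS requires PKCE but advertises no code_challenge_methods_supported")
    return None


def build_authorization_params(metadata: dict, client_id: str,
                               redirect_uri: str) -> Tuple[dict, Optional[str]]:
    """Authorization request parameters plus the verifier the client must
    retain for the token request (None when PKCE is not used)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": base64url(secrets.token_bytes(16)),
    }
    method = choose_challenge_method(metadata)
    if method is None:
        return params, None
    verifier = make_code_verifier()
    params["code_challenge"] = make_code_challenge(verifier, method)
    params["code_challenge_method"] = method
    return params, verifier


# ---- AS side ---------------------------------------------------------------

def as_authorize_check(params: dict, client_is_public: bool,
                       methods_supported: list,
                       require_pkce_for_public: bool = True) -> Tuple[bool, Optional[str]]:
    """RFC 7636 section 4.4.1: a public client that omits code_challenge, or
    asks for a transform the AS does not support, gets 'invalid_request'."""
    challenge = params.get("code_challenge")
    method = params.get("code_challenge_method", "plain")  # default per section 4.3
    if challenge is None:
        if client_is_public and require_pkce_for_public:
            return False, "invalid_request"
        return True, None
    if method not in methods_supported:
        return False, "invalid_request"
    return True, None


def as_token_check(stored_challenge: Optional[str], stored_method: Optional[str],
                   code_verifier: Optional[str]) -> Tuple[bool, Optional[str]]:
    """RFC 7636 section 4.6: recompute the challenge from the presented
    verifier and compare in constant time; mismatch is 'invalid_grant'."""
    if stored_challenge is None:
        return True, None  # code was issued without PKCE (confidential client)
    if code_verifier is None or not (43 <= len(code_verifier) <= 128):
        return False, "invalid_grant"
    if stored_method not in ("S256", "plain"):
        return False, "invalid_grant"
    expected = make_code_challenge(code_verifier, stored_method)
    if not secrets.compare_digest(expected, stored_challenge):
        return False, "invalid_grant"
    return True, None
```

Note that the AS policy lives at the authorization endpoint (section 4.4.1), not the token endpoint: a code issued to a public client without a challenge is never minted in the first place, so the token endpoint only has to verify challenges that were recorded. The `make_code_challenge` function reproduces the RFC 7636 Appendix B test vector, which is a convenient check for any PKCE implementation.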
