Hi,

Here come some review comments. In general I think this is a good document.

//Samuel


2.  Authorization Server Metadata

token_endpoint, I would prefer if the requiredness of this parameter were
put at the beginning instead of at the end, as with the other parameters.

jwks_uri, I would like to change this to recommended, since this is not a
parameter required by the base OAuth 2.0 framework, similar to
registration_endpoint.

jwks_uri, It would be nice with a reference to the definition of jwks_uri.

jwks_uri, "When both signing and encryption keys are made available, a
"use" (public key use) parameter value is REQUIRED for all keys in the
referenced JWK Set to indicate each key's intended usage."
The text would be simpler if it just said that "use" was always required.
It would also be one less thing to argue about when it comes to
interoperability if it were always required.

response_types_supported, an example would be appreciated, and maybe a
reference to the response type definition.

response_types_supported, What is the difference between
response_types_supported and grant_types_supported? At a quick look they
seem very similar. Could one of them be enough?


introspection_endpoint_auth_signing_alg_values_supported,
revocation_endpoint_auth_signing_alg_values_supported and
token_endpoint_auth_signing_alg_values_supported, it would be good with a
reference to the definition of "private_key_jwt" and "client_secret_jwt".

token_endpoint_auth_methods_supported, why not refer to the IANA registry for
"OAuth Token Endpoint Authentication Methods" under [IANA.OAuth.Parameters],
in the same way as with
introspection_endpoint_auth_signing_alg_values_supported and
revocation_endpoint_auth_signing_alg_values_supported?



3.  Obtaining Authorization Server Discovery Metadata
As also mentioned by Justin, I think it is a bit confusing with the example
openid-configuration as the .well-known/ postfix. Could it be made clearer that
it is an example, maybe by making "/.well-known/example-configuration" the
primary example?



5.  Compatibility Notes
"http://openid.net/specs/connect/1.0/issuer" is only used in this section;
maybe it should be removed?
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
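As an added illustration of the points raised in the review above (it is not part of the post, of the draft under review, or of any project's code), the following Python checker validates an authorization server metadata document and the JWK Set its jwks_uri points to. Which parameters are treated as REQUIRED versus RECOMMENDED, the defaults for grant_types_supported and token_endpoint_auth_methods_supported, the response_type-to-grant_type mapping, and the https-only issuer rule are assumptions modelled on the draft text as discussed in the thread; the sample metadata and JWK Set are constructed. The JWK "use" check implements both the draft's conditional rule (quoted in the review) and the reviewer's proposed "always required" alternative, so the interoperability gap between the two is visible on the same input.

```python
"""Added example: checker for OAuth 2.0 Authorization Server Metadata.
Not code from the draft or the mailing-list post; requiredness, defaults
and mappings below are assumptions modelled on the draft under review."""
import json
from urllib.parse import urlsplit

# Assumed requiredness (modelled on the draft; adjust to the final text).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
            "response_types_supported")
RECOMMENDED = ("jwks_uri", "registration_endpoint")

# Assumed defaults that apply when the optional parameter is absent.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]
DEFAULT_AUTH_METHODS = ["client_secret_basic"]

# Assumed mapping: each authorization-endpoint response type value implies a
# token-endpoint grant type the server must also support.  This is the
# difference between the two lists the review asks about.
RESPONSE_TO_GRANT = {"code": "authorization_code",
                     "token": "implicit", "id_token": "implicit"}


def check_metadata(doc):
    """Return (errors, warnings) for one parsed metadata document."""
    errors, warnings = [], []
    for name in REQUIRED:
        if name not in doc:
            errors.append(f"missing REQUIRED parameter {name}")
    for name in RECOMMENDED:
        if name not in doc:
            warnings.append(f"missing RECOMMENDED parameter {name}")
    parts = urlsplit(doc.get("issuer", ""))
    if parts.scheme != "https" or parts.query or parts.fragment:
        errors.append("issuer must be an https URL without query or fragment")
    grants = set(doc.get("grant_types_supported", DEFAULT_GRANT_TYPES))
    for rt in doc.get("response_types_supported", []):
        for part in rt.split():  # "code id_token" is one multi-valued response type
            need = RESPONSE_TO_GRANT.get(part)
            if need and need not in grants:
                errors.append(f"response_type {rt!r} needs grant_type {need!r}")
    methods = doc.get("token_endpoint_auth_methods_supported", DEFAULT_AUTH_METHODS)
    algs = doc.get("token_endpoint_auth_signing_alg_values_supported", [])
    if {"private_key_jwt", "client_secret_jwt"} & set(methods) and not algs:
        errors.append("JWT client authentication advertised but no signing algs listed")
    if "none" in algs:
        errors.append("'none' MUST NOT appear in token_endpoint_auth_signing_alg_values_supported")
    return errors, warnings


def check_jwks(jwks, always_require_use=False):
    """Return a problem per key that lacks "use" when the rule demands it.

    Default: the draft's rule as quoted in the review, i.e. "use" is REQUIRED
    on every key only when both "sig" and "enc" keys are published.
    always_require_use=True: the reviewer's simpler alternative.
    """
    keys = jwks.get("keys", [])
    declared = {k.get("use") for k in keys}
    both = "sig" in declared and "enc" in declared
    if not (both or always_require_use):
        return []
    return [f"key {k.get('kid', i)} lacks 'use'"
            for i, k in enumerate(keys) if "use" not in k]


# Constructed sample metadata (not a real server).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://as.example.com",
  "authorization_endpoint": "https://as.example.com/authorize",
  "token_endpoint": "https://as.example.com/token",
  "jwks_uri": "https://as.example.com/jwks.json",
  "response_types_supported": ["code", "token"],
  "grant_types_supported": ["authorization_code"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"]
}""")

# Constructed JWK Set with dummy key material: one key labelled "sig", one
# unlabelled key whose purpose a client cannot determine.
SAMPLE_JWKS = {"keys": [
    {"kty": "EC", "kid": "sig-1", "use": "sig", "crv": "P-256", "x": "AQAB", "y": "AQAB"},
    {"kty": "RSA", "kid": "unlabelled", "n": "AQAB", "e": "AQAB"},
]}

if __name__ == "__main__":
    print(check_metadata(SAMPLE_METADATA))
    print("draft rule:   ", check_jwks(SAMPLE_JWKS))
    print("always rule:  ", check_jwks(SAMPLE_JWKS, always_require_use=True))
```

On the sample, check_metadata flags that advertising the "token" response type without the implicit grant type is inconsistent (the two lists describe different endpoints, so both are needed) and warns about the missing registration_endpoint. check_jwks passes the sample under the draft's conditional rule, because no key declares "enc", even though a client cannot tell whether the unlabelled RSA key is meant for signing or encryption; under the "always required" rule the same set is rejected, which is the interoperability argument made in the review.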