Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Thu, 10 Mar 2016 03:33:48 -0800 

Thanks for your comments, Samuel.  Yes, you’re right that jwks_uri should be 
OPTIONAL, since not all use cases need keys.  Likewise, registration_endpoint 
should be OPTIONAL, rather than RECOMMENDED.

The grant_type values are defined in OAuth Dynamic Client Registration [RFC 
7591] and are identifiers for the grant type concept defined in RFC 6749.  They 
identify the grant types that can be used at the Token Endpoint.  The 
response_type concept is defined in RFC 6749, and identifies a response syntax 
from the authorization endpoint.  We can say more to differentiate these in the 
next draft.

BTW, lest it be in doubt, I support this draft moving forward, with the name 
changed to “OAuth 2.0 Authorization Server Discovery” or “OAuth 2.0 
Authorization Server Discovery Metadata” – as discussed in the thread “OAuth 
2.0 Discovery Location”.  I’m also open to introducing the 
“/.well-known/oauth-authorization-server” identifier, as discussed in that 
thread.

                                                          -- Mike

From: OAuth [mailto:[email protected]] On Behalf Of Samuel Erdtman
Sent: Wednesday, March 9, 2016 11:28 PM
To: Hannes Tschofenig <[email protected]>
Cc: [email protected]
Subject: Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Hi,

I sent a few comments two weeks ago that has not been explicitly commented on. 
(I might have sent them in the wrong way, if so sorry about that)

https://mailarchive.ietf.org/arch/msg/oauth/Z0LCBuvFDCQTd4xfwoddlbC2P7w

Most of the comments are minor but I would like to se
jwks_uri to be changed from REQUIRED to OPTIONAL or RECOMMENDED
and at least get a comment of the difference between response_types_supported 
and grant_types_supported

Best regards
//Samuel




On Thu, Feb 18, 2016 at 2:40 PM, Hannes Tschofenig 
<[email protected]<mailto:[email protected]>> wrote:
Hi all,

This is a Last Call for comments on the  OAuth 2.0 Discovery specification:
https://tools.ietf.org/html/draft-ietf-oauth-discovery-01

Since this document was only adopted recently we are running this last
call for **3 weeks**.

Please have your comments in no later than March 10th.

Ciao
Hannes & Derek


_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to