One thing that I think is missing from the article in the discussion of pros and cons is that in many cases a large or even voluminous request can be sent via auto submitting form post (like https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html but the other way around from client to AS with the auth request), which doesn't then run into the same URI size problem.
>From a prospective standardization standpoint, there are really two distinct concepts in the article. One is the "Pushed Request Object" and the other the "Structured Scope". They are certainly complementary things but each could also be useful and used independently of one another. So I'd argue that they should be developed independently too. On Sat, Apr 20, 2019 at 12:21 PM Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi all, > > I just published an article about the subject at: > https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948 > > > I look forward to getting your feedback. > > kind regards, > Torsten. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth