Excellent question. Since the authorisation response contains that code only in this case, one basically gains sender authentication and non-repudiation.
> On 23. Jan 2020, at 16:03, Neil Madden <[email protected]> wrote:
>
> If you’re using auth code and PKCE, what does JARM add?
>
> Neil
>
>> On 23 Jan 2020, at 06:03, Takahiko Kawasaki <[email protected]> wrote:
>>
>> I think that JARM is good and even feel that JARM should exist there from a
>> logical perspective because JARM is to Authorization Response what Request
>> Object is to Authorization Request. It is good that we don't have to use "ID
>> Token as Detached Signature" (Financial-grade API Part 2) when JARM is used.
>>
>> FWIW, I (Authlete) finished implementing JARM at the beginning of October,
>> 2018, about a year and 3 months ago.
>>
>> Best Regards,
>> Takahiko Kawasaki
>>
>> On Sat, Jan 18, 2020 at 5:22 AM Brian Campbell <[email protected]> wrote:
>> I'd be in favor of it.
>>
>> On Thu, Jan 16, 2020 at 9:28 AM Torsten Lodderstedt <[email protected]> wrote:
>>
>>> On 16.01.2020 at 16:48, Justin Richer <[email protected]> wrote:
>>>
>>> Maybe PAR and JAR (and JARM?) end up going out as a bundle of specs.
>>
>> Since Justin brought it up, I would like to know whether the community has
>> appetite to standardize JARM as well.
>>
>> Here is the link to the spec:
>> https://openid.net/specs/openid-financial-api-jarm-ID1.html
>>
>> What do you think?
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
