code_challenge_methods_supported is/was already defined in RFC 8414, it's just kinda easy to miss that it's there as you'd typically expect to find that sort of thing in the doc that defines PKCE itself. But PKCE (RFC 7636) predates AS metadata (RFC 8414) so things are different in that case.
I notice too that draft-ietf-oauth-security-topics-14 still erroneously has RFC 8418 as the reference next to code_challenge_methods_supported where it should be RFC 8414. On Tue, Feb 11, 2020 at 11:43 AM Vladimir Dzhuvinov <[email protected]> wrote: > Fantastic, we now have "code_challenge_methods_supported" defined for AS > metadata and it's a MUST. Long overdue. > > Vladimir > > On 10/02/2020 20:14, [email protected] wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Web Authorization Protocol WG of the > IETF. > > > > Title : OAuth 2.0 Security Best Current Practice > > Authors : Torsten Lodderstedt > > John Bradley > > Andrey Labunets > > Daniel Fett > > Filename : draft-ietf-oauth-security-topics-14.txt > > Pages : 46 > > Date : 2020-02-10 > > > > Abstract: > > This document describes best current security practice for OAuth 2.0.. > > It updates and extends the OAuth 2.0 Security Threat Model to > > incorporate practical experiences gathered since OAuth 2.0 was > > published and covers new threats relevant due to the broader > > application of OAuth 2.0. > > > > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/ > > > > There are also htmlized versions available at: > > https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14 > > > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-14 > > > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-security-topics-14 > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > _______________________________________________ > > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
