On Sun, Jun 7, 2020 at 10:18 AM Nov Matake <[email protected]> wrote:
> private_key_jwt and mTLS can be sender PoP method for code too.
>
>
Yes,correct thanks for pointing this out: So we have
code :
-> sender : Client
-> consumer : AS
-> sender PoP :
--> confidential client: [code_verifier (PKCE) AND [
private_key_jwt XOR mTLS ] ]
--> public client: code_verifier (PKCE) AND ?
refresh_token :
-> sender : Client
-> consumer : AS
-> sender PoP :
--> confidential client: private_key_jwt, mTLS
--> public client: DPoP AND ?
access_token :
-> presenter : Client
-> consumer : RS
-> sender PoP :
--> confidential client: private_key_jwt, mTLS
--> public client: DPoP AND ?
@Daniel Fett <[email protected]> I still have some question marks in
here. Am I missing anything?
--
Francis Pouatcha
Co-Founder and Technical Lead at adorys
https://adorsys-platform.de/solutions/
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
