I think it can be a really simple mention as suggested here. I put it in a pull request:
https://github.com/danielfett/draft-dpop/pull/72

I was actually surprised to see that the `token_type` value wasn’t already required to be DPoP (case insensitive) so I added that, too.

 — Justin

> On Aug 16, 2021, at 6:20 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:
>
> Yeah, I believe that logically follows from the definition of token_type in introspection and RFC 6749.
>
> Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to be honest.
>
> On Mon, Aug 16, 2021 at 5:46 AM Justin Richer <jric...@mit.edu> wrote:
> Yes, it should be. Good catch.
>
> -Justin
> ________________________________________
> From: OAuth [oauth-boun...@ietf.org] on behalf of Vladimir Dzhuvinov [vladi...@connect2id.com]
> Sent: Sunday, August 15, 2021 12:02 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?
>
> The token introspection RFC defines the optional "token_type" member and I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.
>
> https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
>
> Would it be sensible to mention that if the "token_type" gets set in an introspection response, it must be "DPoP"?
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2
>
> Vladimir
>
> --
> Vladimir Dzhuvinov
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
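A resource-server check for the rule discussed in this thread, as an added example that is not part of the original messages or of the DPoP draft: when an introspection response carries `token_type`, it must equal DPoP, compared case-insensitively. The function names, the `cnf.jkt` thumbprint comparison, the refusal of key-bound tokens under other schemes, and the sample data are assumptions of this example.

```python
import base64
import hashlib
import json

# Required JWK members per key type for an RFC 7638 thumbprint.
_REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
             "OKP": ("crv", "kty", "x")}


def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint, base64url without padding."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_introspection(resp, auth_scheme, proof_jwk):
    """Return (ok, reason) for a token sent under the given Authorization scheme."""
    if resp.get("active") is not True:
        return False, "inactive token"
    jkt = (resp.get("cnf") or {}).get("jkt")
    token_type = resp.get("token_type")  # optional member, RFC 7662 section 2.2
    if auth_scheme.lower() == "dpop":
        # The rule from the thread: if token_type is set, it must be DPoP.
        if token_type is not None and str(token_type).lower() != "dpop":
            return False, "token_type is not DPoP"
        if jkt is None:
            return False, "no cnf.jkt in introspection response"
        if proof_jwk is None or jwk_thumbprint(proof_jwk) != jkt:
            return False, "proof key does not match cnf.jkt"
        return True, "ok"
    # Assumption of this example: a key-bound token under another scheme is refused.
    if jkt is not None or str(token_type or "").lower() == "dpop":
        return False, "DPoP-bound token presented without DPoP"
    return True, "ok"


# Constructed sample data; the key coordinates are placeholders, not a real key.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
SAMPLE_RESP = {"active": True, "token_type": "dpop",
               "cnf": {"jkt": jwk_thumbprint(SAMPLE_JWK)}}

if __name__ == "__main__":
    print(check_introspection(SAMPLE_RESP, "DPoP", SAMPLE_JWK))
    print(check_introspection(dict(SAMPLE_RESP, token_type="Bearer"), "DPoP", SAMPLE_JWK))
    print(check_introspection(SAMPLE_RESP, "Bearer", None))
```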