I think it can be a really simple mention as suggested here. I put it in a pull request:
https://github.com/danielfett/draft-dpop/pull/72

I was actually surprised to see that the `token_type` value wasn’t already required to be DPoP (case insensitive) so I added that, too.

— Justin

> On Aug 16, 2021, at 6:20 PM, Brian Campbell <[email protected]> wrote:
>
> Yeah, I believe that logically follows from the definition of token_type in
> introspection and RFC 6749.
>
> Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to be
> honest.
>
> On Mon, Aug 16, 2021 at 5:46 AM Justin Richer <[email protected]> wrote:
> Yes, it should be. Good catch.
>
> -Justin
> ________________________________________
> From: OAuth [[email protected]] on behalf of Vladimir Dzhuvinov [[email protected]]
> Sent: Sunday, August 15, 2021 12:02 PM
> To: [email protected]
> Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?
>
> The token introspection RFC defines the optional "token_type" member and
> I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.
>
> https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
>
> Would it be sensible to mention that if the "token_type" gets set in an
> introspection response, it must be "DPoP"?
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2
>
> Vladimir
>
> --
> Vladimir Dzhuvinov
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
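The check discussed in this thread, as an added example that is not part of any message or of the draft: a resource server validating an RFC 7662 introspection response for a DPoP-bound token. It assumes the rule from the thread (`token_type` is optional, but if present must equal "DPoP" case-insensitively) and the `cnf`/`jkt` confirmation member from section 6.2 of the draft; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample EC public JWK (placeholder coordinates, not a real curve point).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "use": "sig",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of an EC public JWK (base64url, no padding)."""
    # Only the required EC members, in lexicographic order, without whitespace.
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canonical = json.dumps(required, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def check_dpop_introspection(response, proof_jwk):
    """Return a list of problems; an empty list means the response is acceptable."""
    if response.get("active") is not True:
        return ["token is not active"]
    problems = []
    # token_type is optional in RFC 7662; when set it must be DPoP in any letter case.
    token_type = response.get("token_type")
    if token_type is not None:
        if not isinstance(token_type, str) or token_type.lower() != "dpop":
            problems.append("token_type is %r, expected DPoP" % (token_type,))
    # The key binding itself is carried in cnf.jkt and must match the proof's key.
    cnf = response.get("cnf")
    jkt = cnf.get("jkt") if isinstance(cnf, dict) else None
    if not isinstance(jkt, str):
        problems.append("cnf.jkt missing: token is not bound to a DPoP key")
    else:
        expected = jwk_thumbprint(proof_jwk).encode("ascii")
        if not hmac.compare_digest(jkt.encode("utf-8"), expected):
            problems.append("cnf.jkt does not match the DPoP proof key")
    return problems

if __name__ == "__main__":
    jkt = jwk_thumbprint(SAMPLE_JWK)
    for resp in ({"active": True, "token_type": "dpop", "cnf": {"jkt": jkt}},
                 {"active": True, "token_type": "Bearer", "cnf": {"jkt": jkt}},
                 {"active": True, "token_type": "DPoP"}):
        print(resp.get("token_type"), check_dpop_introspection(resp, SAMPLE_JWK))
```

An omitted `token_type` passes on its own because the member is optional; the `cnf.jkt` comparison is what ties the token to the key, so a response with the right `token_type` and no confirmation member is still rejected.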
