I've addressed the review comments on the dpop_jkt PR
https://github.com/danielfett/draft-dpop/pull/89/ in commit
https://github.com/danielfett/draft-dpop/pull/89/commits/6e0ff26e9aa2bf9bf1aacf9ba2ce29de0c032004.
Specifically, the commit:
* Specifies that SHA-256 is used for the JWK Thumbprint
* Adds PKCE to the example
* Describes how the attacks mitigated by DPoP binding of the authorization
code can arise
-- Mike
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
