The changes to the example to add PKCE aren't valid PKCE. The appendix from the original https://datatracker.ietf.org/doc/html/rfc7636#appendix-B might be a better place to borrow example content from.
I believe also that review comments had requested some treatment of the optionality/requiredness of the new dpop_jkt parameter.

On Mon, Jan 24, 2022 at 8:41 PM Mike Jones <Michael.Jones= [email protected]> wrote:

> I’ve addressed the review comments on the dpop_jkt PR
> https://github.com/danielfett/draft-dpop/pull/89/ in commit
> https://github.com/danielfett/draft-dpop/pull/89/commits/6e0ff26e9aa2bf9bf1aacf9ba2ce29de0c032004.
> Specifically, the commit:
>
> - Specifies that SHA-256 is used for the JWK Thumbprint
> - Adds PKCE to the example
> - Describes how the attacks mitigated by DPoP binding of the
>   authorization code can arise
>
> -- Mike
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
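Added example, not part of the thread or of the draft: a checker for the two values the message discusses, a PKCE `S256` pair (RFC 7636) and the SHA-256 JWK Thumbprint (RFC 7638) that `dpop_jkt` carries. The function names are assumptions; the verifier/challenge constants are the RFC 7636 Appendix B values.

```python
import base64
import hashlib
import json
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# RFC 7636 Appendix B example pair.
RFC7636_B_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC7636_B_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

# Required members per key type (RFC 7638 section 3.2, RFC 8037 for OKP).
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as both RFCs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier is not 43-128 unreserved characters")
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def pkce_pair_is_valid(code_verifier: str, code_challenge: str) -> bool:
    """True only if the pair is consistent under the S256 method."""
    try:
        return s256_challenge(code_verifier) == code_challenge
    except ValueError:
        return False


def jwk_thumbprint_sha256(jwk: dict) -> str:
    """SHA-256 JWK Thumbprint: hash of the required members only,
    serialized with sorted keys and no whitespace."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())
```

Running `pkce_pair_is_valid` over the verifier and challenge shown in a specification example catches a pair that does not hash together, which is the kind of defect the reply points out.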
