The text that talks about matching the code challenge needs to be fixed too.
https://github.com/danielfett/draft-dpop/pull/89/files#diff-cbb16c6731a89f7daa2f8f1963f5c005633f4273846af12926d187292cb3a66bR996 On Tue, Jan 25, 2022 at 7:37 AM Brian Campbell <[email protected]> wrote: > The changes to the example to add PKCE aren't valid PKCE. The appendix > from the original https://datatracker.ietf.org/doc/html/rfc7636#appendix-B > might be a better place to borrow example content from. > > I believe also that review comments had requested some treatment of the > optionality/requiredness of the new dpop_jkt parameter. > > > > On Mon, Jan 24, 2022 at 8:41 PM Mike Jones <Michael.Jones= > [email protected]> wrote: > >> I’ve addressed the review comments on the dpop_jkt PR >> https://github.com/danielfett/draft-dpop/pull/89/ in commit >> https://github.com/danielfett/draft-dpop/pull/89/commits/6e0ff26e9aa2bf9bf1aacf9ba2ce29de0c032004. >> Specifically, the commit: >> >> - Specifies that SHA-256 is used for the JWK Thumbprint >> - Adds PKCE to the example >> - Describes how the attacks mitigated by DPoP binding of the >> authorization code can arise >> >> >> >> -- Mike >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
