[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Sat, 24 Jan 2026 23:47:11 -0800 



Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-0/💬1)
 1 issues received 1 new comments:
 - #294 Assuring single use by preserving jti from request. (1 by PieterKas)

   https://github.com/oauth-wg/oauth-transaction-tokens/issues/294 [WGLC Feedback] 


* oauth-wg/oauth-sd-jwt-vc (+0/-1/💬27)
 2 issues received 27 new comments:
 - #380 Support images as part of SVG rendering? (1 by bc-pi)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/380 [pending close] 
 - #378 Nat's SD-JWT-VC-13 Review (26 by bc-pi)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/378 


 1 issues closed:

 - Query or fragment components in the iss using HTTPS scheme https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/381 [pending close] 


* oauth-wg/oauth-cross-device-security (+9/-10/💬0)
 9 issues created:
 - Update Figure numbering (by PieterKas)

   https://github.com/oauth-wg/oauth-cross-device-security/issues/263 
 - Nits: Mike Bishop (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/262 [Mike Bishop] 
 - Comment about NAT (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/261 [Mike Bishop] 
 - Add arrow to diagram (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/260 [Mike Bishop] 
 - Ye olde FIDO reference (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/259 [Roman Danyliw] 
 - Clarify "clear" (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/258 [Roman Danyliw] 
 - Declare risk of hardware devices for physical connectivity as out of scope (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/257 [Roman Danyliw] 
 - Emphasise proximity as an important mitigation (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/256 [Roman Danyliw] 
 - Anchor mitigation selection on risk assessment (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/255 [Roman Danyliw] 


 10 issues closed:

 - Update Figure numbering https://github.com/oauth-wg/oauth-cross-device-security/issues/263 
 - Nits: Mike Bishop https://github.com/oauth-wg/oauth-cross-device-security/issues/262 [Mike Bishop] 
 - Nits: Mike Bishop https://github.com/oauth-wg/oauth-cross-device-security/issues/262 [Mike Bishop] 
 - Ye olde FIDO reference https://github.com/oauth-wg/oauth-cross-device-security/issues/259 [Roman Danyliw] 
 - Comment about NAT https://github.com/oauth-wg/oauth-cross-device-security/issues/261 [Mike Bishop] 
 - Declare risk of hardware devices for physical connectivity as out of scope https://github.com/oauth-wg/oauth-cross-device-security/issues/257 [Roman Danyliw] 
 - Clarify "clear" https://github.com/oauth-wg/oauth-cross-device-security/issues/258 [Roman Danyliw] 
 - Add arrow to diagram https://github.com/oauth-wg/oauth-cross-device-security/issues/260 [Mike Bishop] 
 - Emphasise proximity as an important mitigation https://github.com/oauth-wg/oauth-cross-device-security/issues/256 [Roman Danyliw] 
 - Anchor mitigation selection on risk assessment https://github.com/oauth-wg/oauth-cross-device-security/issues/255 [Roman Danyliw] 


* oauth-wg/draft-ietf-oauth-status-list (+0/-2/💬1)
 1 issues received 1 new comments:
 - #337 Orie Steele's review (1 by c2bo)

   https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/337 


 2 issues closed:

 - Andy Newton's Review https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/334 
 - Fix typo in Size comparison table https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/341 [pending-close] 


* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/💬1)
 1 issues received 1 new comments:
 - #123 Similar proposal in AT Protocol: DPoP-bound private_key_jwt client 
authentication (1 by matthieusieben)

   https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/123 [pending-close] 


* oauth-wg/oauth-identity-assertion-authz-grant (+1/-1/💬4)
 1 issues created:
 - Identifying the ID-JAG tenant in multi-tenant resource authorization servers 
(by vsinghania-stytch)

   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/72 


 2 issues received 4 new comments:
 - #72 Identifying the ID-JAG tenant in multi-tenant resource authorization 
servers (2 by mcguinness, vsinghania-stytch)

   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/72 
 - #71 Add recommendations/considerations for user provisioning (2 by mcguinness, vsinghania-stytch)
   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/71 


 1 issues closed:

 - Identifying the ID-JAG tenant in multi-tenant resource authorization servers https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/72 


* oauth-wg/draft-ietf-oauth-client-id-metadata-document (+0/-0/💬3)
 1 issues received 3 new comments:
 - #30 Client metadata retrieval can be abused to make server issued requests 
(3 by ThisIsMissEm, trwnh)

   https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/30 




Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+1/-0/💬0)
 1 pull requests submitted:
 -  (by PieterKas)

    


* oauth-wg/oauth-sd-jwt-vc (+2/-0/💬0)
 2 pull requests submitted:
 -  (by awoie)

    
 -  (by bc-pi)
    


* oauth-wg/oauth-cross-device-security (+10/-0/💬0)
 10 pull requests submitted:
 -  (by PieterKas)

    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    
 -  (by PieterKas)
    


* oauth-wg/oauth-selective-disclosure-jwt (+0/-0/💬1)
 1 pull requests received 1 new comments:
 - #583 Add Haskell sd-jwt link to README (1 by yaronf)

   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/583 


* oauth-wg/draft-ietf-oauth-status-list (+2/-0/💬0)
 2 pull requests submitted:
 -  (by tplooker)

    
 -  (by tplooker)
    


* oauth-wg/draft-ietf-oauth-rfc7523bis (+0/-0/💬3)
 1 pull requests received 3 new comments:
 - #24 tradeoffs between using issuer and specific endpoint urls (3 by 
AxelNennker)

   https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis/pull/24 



Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
* https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary

_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to