Hi,

Not the author, just another reviewer.

Here are some elements that have been provided in the past WG Discussions based 
on Yaron comments:


  *   HTTP 401 vs 403.

As noted from this WG during former discussions around our aborted joint 
proposal  
https://github.com/identitymonk/draft-lombardo-oauth-step-up-authz-challenge-proto
 there is actually no guarantee that HTTP servers and libraries could handle a 
403 with a WWW-Authenticate header


  *   Header size.
While true, returning it as Body content was already flagged as breaking 
protocols like MCP who expects JSON RPC content in body even in case of non 200 
responses.

Here are some elements of my own understanding:


  *   Transaction and single-use semantics
While this does not remove anything from Yaron comments, the whole draft is  
about binding to transaction details, still the only outcome is an Access 
Token. I recommend the authors to consider Transaction Token issuance as 
possible outcome - https://github.com/yaroslavros/oauth-txn-challenge/issues/17.

  *   Initial failure as the only path.
Assumption: The protected resources could be a sub-system, composed of multiple 
backend layers in the same trust domain. Therefore there could be conditions 
expressed by the downstream components, not visible from the Client through the 
Protected Resource Metadata endpoint. Such situation would require such 
transactional validation while the initially presented Access Token is valid 
from a Resource Server standpoint.

  *   JWT representation of transaction challenges
Authorization details in this Draft is a reference to the structure defined by 
Rich Authorization Request / RFC 
9396<https://datatracker.ietf.org/doc/html/rfc9396> not a reference to the flow 
of the same specification.

The outcome of the Authorization Challenge is made for the consumption by the 
Protected Resource in the overall flow which is the Client of the specific 
Transaction challenge flow. Therefore there shall  be no processing  possible 
that could tamper from what the Protected Resource needs as confirmation. 
Therefore the signature is a not a protection of the authorization_details  
structure but the Authorization challenge as a whole.

  *   Transaction authorization endpoint details
This endpoint:
     *   Cannot support PAR as this specification focuses on an OAuth 2 
Authorization Request, which this Draft is not based on. If the authors were to 
go this way that would be a complete fork from PAR anyway.
     *   Should support DPoP optionally when it issues an Access Token as it is 
of type `Bearer`- https://github.com/yaroslavros/oauth-txn-challenge/issues/18


  *   Token issuance pattern
In this Draft the Protected Resource is the Client of the Transaction challenge 
and only it should receive the confirmation understanding that the protected 
resources could be a sub-system, composed of multiple backend layers in the 
same trust domain where the transaction token could be replayed as long as it 
is related to the same transaction and within the time boundaries.


  *   Access token relay
I agree that the protection from DPoP should be mentioned in this. I would add 
that Twice is mentionned that the Access Token must not be modified, but can it 
be? - https://github.com/yaroslavros/oauth-txn-challenge/issues/19



Jeff

Jean-François “Jeff” Lombardo | Amazon Web Services

Architecte Principal de Solutions, Stratégie de Sécurité
Principal Solution Architect, Security Strategy
Montréal, Canada

Commentaires à propos de notre échange? Exprimez-vous 
ici<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>.

Thoughts on our interaction? Provide feedback 
here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>.

From: Yaron ZEHAVI <[email protected]>
Sent: June 29, 2026 6:11 AM
To: Yaroslav Rosomakho <[email protected]>; [email protected]
Cc: [email protected]
Subject: [EXT] [OAUTH-WG] Re: OAuth Transaction Authorization Challenge


CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you can confirm the sender and know the 
content is safe.


AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne 
cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas 
confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le 
contenu ne présente aucun risque.

Dear Yaroslav and co-authors,

Thank you for sharing this draft. I found it interesting and useful.

As background, my 
rar-metadata<https://datatracker.ietf.org/doc/draft-zehavi-oauth-rar-metadata/> 
draft explores a related pattern: a protected resource returns an authorization 
failure using the WWW-Authenticate header to indicate insufficient 
authorization, together with actionable remediation information, including 
authorization details objects.

I therefore appreciate seeing a similar pattern explored here, and I think this 
is a useful area for the WG to discuss.

Detailed feedback and questions:

  *   Transaction and single-use semantics. The specific “transaction” concept 
is familiar to me from banking use cases. However, up until now OAuth has not 
generally defined single-use token semantics. That is, an authorization server 
typically has no idea how many times a resource server will accept a given 
access token for a given resource request. This has historically been enforced 
by the resource server. What requirement motivates making the authorization 
server aware of resource-server token-handling semantics? If the AS is expected 
to know this, would it make sense for the token response to include a 
token-usage attribute, analogous to but distinct from expires_in?
  *   Role of the agent. The agent appears to be a normative part of the draft. 
To me, that seems to limit the scope of the solution, while the agent does not 
appear to perform specific protocol steps beyond declaring capability. In 
several places, the agent seems more like a channel that requires adversarial 
considerations, such as tampering, rather than a required protocol actor. 
Should the draft instead treat the agent as a security consideration?
  *   Capability discovery. OAuth has metadata mechanisms for discovering 
client, authorization server, and resource server capabilities. Perhaps the 
capability declaration currently associated with the agent could instead reuse 
or extend those mechanisms. In addition to the agent, the client needs to be 
able to process the challenge, be a client of any authorization server 
identified by the challenge JWT, and that authorization server also needs to 
support the mechanism. It may be useful to describe how these capabilities are 
discovered and negotiated.
  *   Initial failure as the only path. The draft seems optimized for the case 
where the client first calls the protected resource, receives a challenge, and 
then obtains a compliant token. If the client already knows the resource’s 
authorization requirements, can it request a compliant token up front and avoid 
the initial failure? If so, it may be useful to describe that path explicitly.
  *   HTTP 401 vs 403. The draft uses HTTP 401. Could you explain the 
reasoning? For insufficient authorization where credentials were already 
provided, HTTP 403 seems more directly aligned with RFC 9110: “the server 
understood the request but refuses to fulfill it. If authentication credentials 
were provided, the server considered them insufficient.” This is also the 
approach I took in my draft.
  *   JWT representation of transaction challenges. Could you elaborate on why 
transaction challenges are represented as JWTs?

     *   If the goal is authenticity or integrity of the challenge contents, it 
would help to state that explicitly.
     *   RAR, RFC 9396, does not require signed authorization details; the AS 
evaluates the authorization_details input as part of the authorization request. 
If the concern is that the agent or another intermediary may tamper with the 
challenge, perhaps the JWT could be consumed by the client. The client could 
validate the JWT, extract the usable parts, and use them in a normal OAuth 
request. That would avoid requiring the AS to understand challenge JWTs or 
maintain a trust relationship with resource servers.
     *   The JWT does not appear to be included in the later access token 
request or in the client’s subsequent request to the protected resource. 
Therefore, checks such as verifying consistency with the authorization_details 
claim in the transaction authorization challenge seem to require 
resource-server state. Is that intended?

  *   Header size. Returning the challenge JWT in the WWW-Authenticate header 
may create interoperability issues due to header size limits, even before 
considering larger post-quantum signatures.
  *   Authorization server selection. The challenge can appear to identify an 
authorization server different from the one used to obtain the token in the 
failing request. This may be problematic if the client cannot use the indicated 
AS, is not registered with that AS, or the AS does not support this mechanism. 
It may be useful to describe the expected client behavior in that case.
  *   New endpoint / grant pattern. Could you explain the reason for 
introducing a new transaction authorization endpoint? Is this also intended to 
define a new grant type? Since FiPA already supports challenge negotiation and 
allows the AS to request direct interaction with the end user through 
redirect_to_web, perhaps a FiPA extension with your use case plus the Deferred 
Token Response 
draft<https://datatracker.ietf.org/doc/draft-gerber-oauth-deferred-token-response/>
 could address your use case without necessitating a new endpoint.
  *   Transaction authorization endpoint details. Which parameters does the 
transaction authorization endpoint accept, and which OAuth mechanisms are 
intended to apply to it, such as client authentication, PAR, DPoP/mTLS 
sender-constraining, etc.?
  *   User redirection and polling. When authorization_uri is returned and the 
end user is redirected there, how does the client obtain the result? Is the 
client expected to poll in parallel?
  *   Token issuance pattern. FiPA returns a code and leaves token issuance to 
the token endpoint, whereas this draft’s transaction authorization endpoint 
appears to return tokens directly. Would it make sense to align the patterns?
  *   Access token relay. The draft says: “In deployments where one agent 
delegates work to another agent, the access token MAY be relayed through one or 
more intermediate agents before being presented to the protected resource.” 
Relaying an access token through multiple agents seems difficult to combine 
with DPoP, since the proof binds token use to one key.

Regards,
Yaron ZEHAVI



Classification: GENERAL
From: Yaroslav Rosomakho 
<[email protected]<mailto:[email protected]>>
Sent: Thursday, June 25, 2026 1:50 PM
To: [email protected]<mailto:[email protected]>
Cc: 
[email protected]<mailto:[email protected]>
Subject: [OAUTH-WG] OAuth Transaction Authorization Challenge

You don't often get email from 
[email protected]<mailto:[email protected]>.
 Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
This message is from an external sender - be cautious, particularly with links 
and attachments.

And this time without a typo in the email alias for draft authors...

-yaroslav

On Thu, Jun 25, 2026 at 12:19 PM Yaroslav Rosomakho 
<[email protected]<mailto:[email protected]>> wrote:
Dear OAuth enthusiasts,

Pieter, Brian, Karl and I have submitted a new individual draft: OAuth 
Transaction Authorization Challenge (draft-rosomakho-oauth-txn-challenge).

This specification defines a mechanism for a protected resource to request 
transaction-specific authorization before completing a particular operation. 
The protected resource returns a signed transaction authorization challenge, 
which is relayed through the agent(s) down to the client. The client presents 
the challenge to the authorization server, which validates it, obtains any 
required approval from a human user and/or any additional relevant approving 
party, and issues an access token whose granted authorization details describe 
the approved operation.

The motivating use cases include agent-initiated actions requiring human 
approval (aka "human-in-the-loop") and flexible integration with organizational 
approval workflows. The mechanism is intended to complement OAuth step-up 
authentication and CIBA by requesting authorization for a specific transaction 
rather than stronger or fresher authentication alone.

Questions, suggestions, concerns and overall feedback is very welcome!

Thank you.

-yaroslav
---------- Forwarded message ---------
A new version of Internet-Draft draft-rosomakho-oauth-txn-challenge-00.txt has
been successfully submitted by Yaroslav Rosomakho and posted to the
IETF repository.

Name:     draft-rosomakho-oauth-txn-challenge
Revision: 00
Title:    OAuth Transaction Authorization Challenge
Date:     2026-06-25
Group:    Individual Submission
Pages:    33
URL:      
https://www.ietf.org/archive/id/draft-rosomakho-oauth-txn-challenge-00.txt
Status:   https://datatracker.ietf.org/doc/draft-rosomakho-oauth-txn-challenge/
HTML:     
https://www.ietf.org/archive/id/draft-rosomakho-oauth-txn-challenge-00.html
HTMLized: 
https://datatracker.ietf.org/doc/html/draft-rosomakho-oauth-txn-challenge


Abstract:

   This document defines an OAuth mechanism for transaction-specific
   authorization challenges.  A protected resource can require
   additional authorization for a particular operation by returning a
   transaction authorization challenge.  This is useful when requests
   are mediated by agents, automated workflows, or delegated services
   and the protected resource requires confirmation from a human user,
   resource owner, or organizational authority.  The client presents the
   challenge to an authorization server, which validates the challenge,
   obtains any required approval, and issues an OAuth 2.0 access token
   whose granted authorization details, expressed using Rich
   Authorization Requests, describe the approved operation.  The access
   token is then presented to the protected resource as evidence that
   the challenged operation was authorized.



The IETF Secretariat


This communication (including any attachments) is intended for the sole use of 
the intended recipient and may contain confidential, non-public, and/or 
privileged material. Use, distribution, or reproduction of this communication 
by unintended recipients is not authorized. If you received this communication 
in error, please immediately notify the sender and then delete all copies of 
this communication from your system.
This message and any attachment ("the Message") are confidential. If you have 
received the Message in error, please notify the sender immediately and delete 
the Message from your system, any use of the Message is forbidden. 
Correspondence via e-mail is primarily for information purposes. RBI neither 
makes nor accepts legally binding statements via e-mail unless explicitly 
agreed otherwise. Information pursuant to § 14 Austrian Companies Code: 
Raiffeisen Bank International AG; Registered Office: Am Stadtpark 9, 1030 
Vienna, Austria; Company Register Number: FN 122119m at the Commercial Court of 
Vienna (Handelsgericht Wien).
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to