Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwsreq-19: (with DISCUSS and COMMENT)

2019-07-26 Thread Nat Sakimura
Brian, Perhaps I should have spelled out what I have stated as "grandfather the currently registered OAuth Authorization Request parameters into JWT Claims Registry and keep any incoming OAuth Authz param in sync with the JWT Claims Registry by creating a modified instruction for IANA processings.

[OAUTH-WG] Question regarding RFC 6749

2019-07-26 Thread evansanita713
Hello, I got a little problem: I keep getting ERROR 405 with this message “Sorry, your request has been blocked as it may cause potential threats to the server's security. Your request ID is : 0bc1a90415639964283497695e3598” Can I ask for help pls, what I need to do? Thanks Regards A J Evans

Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwsreq-19: (with DISCUSS and COMMENT)

2019-07-26 Thread Brian Campbell
Nat, you suggest that the "simplest solution probably is to register the authorization request parameters to the JWT Claims registry." However, as I've attempted to articulate several times this week ( https://mailarchive.ietf.org/arch/msg/oauth/0EenxmThjII52SAr9atpBStRtcs and multiple comments on h

Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwsreq-19: (with DISCUSS and COMMENT)

2019-07-26 Thread Nat Sakimura
Thanks very much for the comments. Here are my responses to your comments. On Wed, Jul 3, 2019 at 2:59 PM Benjamin Kaduk via Datatracker < nore...@ietf.org> wrote: > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-oauth-jwsreq-19: Discuss > > When responding, please kee

Re: [OAUTH-WG] Guidance for which key to use for JWE encryption? (draft-ietf-oauth-jwsreq-19)

2019-07-26 Thread Tangui Le Pense
Thanks for your answers. Let me rephrase if you don't mind. Acceptable keys for decryption of a request object are those with:    (use:enc or no use)    AND    (key_ops:encrypt or key_ops:deriveKey or no key_ops)    AND    (alg in request_object_encryption_alg_values_supported (from OpenID

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-mtls-15

2019-07-26 Thread Brian Campbell
Thanks Vincent, I've fixed the nit in the source controlled editor's xml version and it'll show up in the next draft revision. On Thu, Jul 25, 2019 at 3:06 PM Vincent Roca via Datatracker < nore...@ietf.org> wrote: > Reviewer: Vincent Roca > Review result: Ready > > Hello, > > I have reviewed thi

Re: [OAUTH-WG] Guidance for which key to use for JWE encryption? (draft-ietf-oauth-jwsreq-19)

2019-07-26 Thread Filip Skokan
Any use:enc, without “use” or “key_ops” or keyops:encrypt/deriveKey that works with a supported algorithm, or one with the JWA “alg”. Sent from iPhone On 26. 7. 2019 at 14:01, Brian Campbell : > I'd say this one->* any "enc" key published by the AS on its jwks_uri? > >> On Thu, Jul 25, 2019 at

Re: [OAUTH-WG] Guidance for which key to use for JWE encryption? (draft-ietf-oauth-jwsreq-19)

2019-07-26 Thread Brian Campbell
I'd say this one->* any "enc" key published by the AS on its jwks_uri? On Thu, Jul 25, 2019 at 3:50 PM Танги Ле Пенс wrote: > Dear all, > > draft-ietf-oauth-jwsreq-19 gives guidance on which key to use to verify a > JWS' signature (the client's key) > (https://tools.ietf.org/html/draft-ietf-oauth-j

Re: [OAUTH-WG] Where to redirect when object request is invalid or unreachable (draft-ietf-oauth-jwsreq-19)

2019-07-26 Thread Filip Skokan
John, Nat, Tangui raises a good point I have missed, draft 14 of jwsreq (JAR) introduced this language The client MAY send the parameters included in the request object > duplicated in the query parameters as well for the backward > compatibility etc. > > *However, the authorization server suppo