[OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-27.txt

2020-08-19 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) Authors : Nat

[OAUTH-WG] WGLC Review of PAR

2020-08-19 Thread Justin Richer
I’ve done a full read through of the PAR specification, and here are my notes on it. For additional context, I’ve implemented this specification for both a client and a server in a couple of languages. Overall, I think it’s in good shape and it makes sense from a developer’s perspective. I’ve

Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

2020-08-19 Thread Brian Campbell
Thanks for the review, Karsten. We'll incorporate your suggestions into the next revision of the draft. On Wed, Aug 19, 2020 at 3:41 AM Karsten Meyer zu Selhausen < karsten.meyerzuselhau...@hackmanit.de> wrote: > Hi all, > > I have two very small suggestions which I also raised as issues on

[OAUTH-WG] OAuth v.2.1 Readthrough

2020-08-19 Thread Justin Richer
As promised on the WG call, I’ve gone through the 2.1 document and I’ve made some notes and suggestions on my way through. A big thanks to the editors for putting this together, and particularly for Aaron who did the early heavy lifting on getting a reasonable start on this important work! But

Re: [OAUTH-WG] [EXTERNAL] Re: Benjamin Kaduk's No Objection on draft-ietf-oauth-jwsreq-26: (with COMMENT)

2020-08-19 Thread Joseph Heenan
I agree with Brian here, I think "typ":"JWT" should be permitted as well as no typ and "typ": "oauth.authz.req+jwt". There are other tests we could write for JAR that an OIDC server will fail (for example, one that tested the behaviour of passing a value only outside the request object - which

Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

2020-08-19 Thread Karsten Meyer zu Selhausen
Hi all, I have two very small suggestions which I also raised as issues on GitHub: 1. There are no hints in front of example requests/responses if extra line breaks are used for display purposes. I think hints such as "(with extra line breaks for display purposes only)" should be added