Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-rar-04.txt

2021-02-12 Thread Brian Campbell
On Tue, Feb 9, 2021 at 5:53 AM Francis Pouatcha wrote:
> Find below my review of the draft:
>
> 1. Redactional changes:
>
> 2.2. Authorization Data Types
>
> Interpretation of the value of the "type" parameter, and the object
> elements that the "type" parameter allows => allowed

[OAUTH-WG] Token Mediating and session Information Backend For Frontend (TMI BFF)

2021-02-12 Thread Vittorio Bertocci
Dear all, Brian and yours truly are proposing a new specification that shows how the user agent frontend of a web app can delegate token acquisition and persistence to its backend, and request such tokens when needed for direct access of protected resources from the frontend code. The pattern

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection and nonce

2021-02-12 Thread Neil Madden
> On 11 Feb 2021, at 21:43, Andrii Deinega wrote:
>
> Thank you for the response! Unfortunately, I'm still not convinced that there
> is no need for nonce.
>
> Based on the draft, I don't know how it's possible to achieve a “stronger
> assurance that the authorization server issued the