Re: [OAUTH-WG] Martin Duke's No Objection on draft-ietf-oauth-access-token-jwt-12: (with COMMENT)

Alright, this all sounds good without any changes, except: On Wed, Apr 14, 2021 at 12:18 AM Vittorio Bertocci < vittorio.berto...@auth0.com> wrote: > > > (4) I presume it's important that any resouree server rejection of > the token > > should be constant-time. Is this somewhere in the RF

[OAUTH-WG] April 19th Interim Meeting Minutes

All, Take a look at the following links for the April 19th interim meeting minutes: https://codimd.ietf.org/s/notes-ietf-interim-2021-oauth-06-oauth https://datatracker.ietf.org/doc/minutes-interim-2021-oauth-06-202104191200/ Thanks to *Heather Flanagan *for taking these notes. Regards, Rifaat

[OAUTH-WG] (no subject)

All, Take a look at the following links for the April 19th interim meeting minutes: https://codimd.ietf.org/s/notes-ietf-interim-2021-oauth-06-oauth https://datatracker.ietf.org/doc/minutes-interim-2021-oauth-06-202104191200/ Thanks to *Heather Flanagan *for taking these notes. Regards, Rifaat

[OAUTH-WG] authorization_details token request parameter and comparison in RAR

Hi all, in the recent RAR session, we started a discussion about an authorization_details token request parameter. This parameter would allow us to solve several outstanding topics: - Let the client determine what privileges to assign to the first access token issued in exchange for an author