Overall it looks pretty good to me.
One little nit is that I don't love this text from the end of sec 2.4 that
talks about JARM:
'Note: The "JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)"
[JARM] forbids the use of additional parameters in the authorization
response. Therefore, the i
Perhaps this draft could be marked as replacing
draft-ietf-oauth-mix-up-mitigation (I think the chairs have the tools to do
that) so that the datatracker somewhat reflects the history?
Some discussion in the draft itself might be helpful to a subset of readers
interested or knowledgeable about the
I went ahead and pushed an -08 that hopefully addresses all your feedback
and suggestions.
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-par-08
https://datatracker.ietf.org/doc/draft-ietf-oauth-par/
On Fri, May 14, 2021 at 2:55 PM Brian Campbell
wrote:
> Thanks for the review Roman! R
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Pushed Authorization Requests
Authors : Torsten Lodderstedt
Br
Thanks for the review Roman! Responses from me are inline below. And I'll
endeavor to get a new draft published soon that addresses your feedback.
On Fri, May 14, 2021 at 1:17 PM Roman Danyliw wrote:
> Hi!
>
> I performed my AD review of draft-ietf-oauth-par-07. Thanks for the
> effort to prod
Hi!
I performed my AD review of draft-ietf-oauth-par-07. Thanks for the effort to
produce this document. See my feedback below:
** Section 1.1. Per the first POST example, please provide a bit more text to
explain the presence of the Authorization header.
** Section 2.1. Per step #1, "Auth