First of all, thanks to everyone who worked on this draft. (Aaron - special
thanks for your time at OSW!). This is also to register our (Backbase)
interest in contributing to the draft.
Question on using FiPNA for step-up and similar cases; as long as cookies
are not used in the native scenario,
Hi George,
Indeed, it might be time to re-think how scopes work in general. Food for
thought for all of us here.
Re: step up auth spec: I suppose you are referring to the
"insufficient_user_authentication" error response (in Section 3
I agree with this errata, it should have been "authorization code". This
sentence was also removed from OAuth 2.1, since the PKCE code
challenge/code verifier mechanism is a more complete protection against
authorization code substitution.
Aaron
On Tue, Sep 5, 2023 at 6:00 AM RFC Errata System
Hi Atul,
I think this is the beginning of a really interesting discussion. I'm
wondering if we should start a different thread. The recent OAuth Step-up
spec could help in this regard and static RS documentation could be used to
describe which scopes are needed for which endpoints. However, as we
The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".
--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7631
--
Type: Editorial
Reported by: Daiki