The Connect text is lacking detail on why you might have different values for
"iss" and client_id. We should cover that in more detail in this.
That is one good thing about going back and focusing on a specific part of the
spec to pull it out into a separate spec is that it raises questions, t
Hi John
On 27/11/14 19:22, John Bradley wrote:
In sec 6 of openID Connect core we have.
So that the request is a valid OAuth 2.0 Authorization Request, values for the
response_type and client_id parameters MUST be included using the OAuth 2.0
request syntax, since they are REQUIRED by OAuth 2.
In sec 6 of openID Connect core we have.
So that the request is a valid OAuth 2.0 Authorization Request, values for the
response_type and client_id parameters MUST be included using the OAuth 2.0
request syntax, since they are REQUIRED by OAuth 2.0. The values for these
parameters MUST match th
Hi
Should the text require that a "client_id" parameter is always included
as a query parameter too ?
If it is only inside a 'request' parameter then how the server would
identify a client specific key that can be used to validate the signature ?
Or is the idea that if it is JWS and no clie
Hi
Very nice. Can it become drat-oauth-jwsreqres ?
I know spop-04 has been released, we'll update our implementation as
needed, but if an optional signing of a request is of interest, why
can't be signing of the response be of interest too ?
Thanks, Sergey
On 13/11/14 04:07, internet-dra...
This is just a copy edit.
It is a very short spec, which gives you integrity for the request.
It has been used in OpenID Connect.
The real text is only 4 pages long. Please read and comment.
Nat
On Wed, 12 Nov 2014 20:07:29 -0800
internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Request by JWS ver.1.0 for OAuth 2.0
Authors : Nat Sakimura