- edited description
Section 3 - parameter name conflict with Proof-of-Posession.
Issue #9
wontfix
In section 3, it is stated that
... the Authorization Request Object SHOULD contain the Claims "iss" (issuer) and "aud" (audience) as members ...'
However, that will produce a parameter name conflict with the "aud" parameter from OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution.
Seems like draft-ietf-oauth-pop-key-distribution will need to change its parameter name (aud in JWT is pretty well established). And shouldn't draft-ietf-oauth-jwsreq register some of the JWT's Registered Claim Names (at least iss and aud but maybe exp and others) as authorization request OAuth parameters?
(Brian Campbell)
Comments (2)
-
reporter -
reporter - changed status to wontfix
Param registration should be done elsewhere.
- Log in to comment