-
assigned issue to
BK Comments 10.1
Issue #93
resolved
Section 10.1
When sending the authorization request object through "request"
parameter, it MUST either be signed using JWS [RFC7515] or encrypted
using JWE [RFC7516] with then considered appropriate algorithm.
Up in Section 5 we only allow (a) signed and (b) signed then encrypted;
similarly, in Section 4 we reiterate "signed then encrypted". Why is it
okay to talk about just "signed or encrypted" here?
Comments (4)
-
-
reporter - changed status to resolved
Merged in edmund_jay/oauth-jwsreq/BK_comments_10.1 (pull request #14)
Fixes
#93BK Comments 10.1Approved-by: Nat Sakimura sakimura@gmail.com
→ <<cset 001b73bd836b>>
-
reporter Fixes
#93BK Comments 10.1→ <<cset fd2a79708ca7>>
-
reporter Merged in edmund_jay/oauth-jwsreq/BK_comments_10.1 (pull request #14)
Fixes
#93BK Comments 10.1Approved-by: Nat Sakimura sakimura@gmail.com
→ <<cset 001b73bd836b>>
- Log in to comment