Attempt to tweak the wording in JAR so that it is clear that a request URI produced by the AS (e.g., when using PAR) doesn't have to be a JWT
Brian Campbell
Branch: b_c/oauth-jwsreq:master
Branch: Nat/oauth-jwsreq:master
Merged
Merged pull request
Merged in b_c/oauth-jwsreq (pull request #3)
Attempt to tweak the wording in JAR so that it is clear that, e.g., when using PAR, a request URI produced by the AS doesn't have to be a JWT. A number of approaches for this have been discussed at some length in various forums (see links) but the decision from the recent interim meeting was to look at making the change in JAR. So that's what this commit does.
https://github.com/oauthstuff/draft-oauth-par/issues/40
https://mailarchive.ietf.org/arch/msg/oauth/yMIwXcimzZ3FVRSJYRoF5Vczdng/
http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20200420/007739.html
https://datatracker.ietf.org/meeting/interim-2020-oauth-05/materials/minutes-interim-2020-oauth-05-202004201200