Attempt to tweak the wording in JAR so that it is clear that a request URI produced by the AS (e.g., when using PAR) doesn't have to be a JWT

Branch: b_c/oauth-jwsreq:master

Branch: Nat/oauth-jwsreq:master

Merged

#3 · Created 2020-04-23 · Last updated 2020-04-27

Merged pull request

Merged in b_c/oauth-jwsreq (pull request #3)

834e8ae·Author: Brian Campbell·Closed by: Nat Sakimura·2020-04-27

Description

Attempt to tweak the wording in JAR so that it is clear that, e.g., when using PAR, a request URI produced by the AS doesn't have to be a JWT. A number of approaches for this have been discussed at some length in various forums (see links) but the decision from the recent interim meeting was to look at making the change in JAR. So that's what this commit does.

https://github.com/oauthstuff/draft-oauth-par/issues/40
https://mailarchive.ietf.org/arch/msg/oauth/yMIwXcimzZ3FVRSJYRoF5Vczdng/
http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20200420/007739.html
https://datatracker.ietf.org/meeting/interim-2020-oauth-05/materials/minutes-interim-2020-oauth-05-202004201200

Attempt to tweak the wording in JAR so that it is clear that a request URI produced by the AS (e.g., when using PAR) doesn't have to be a JWT

Merged pull request

Description

0 attachments

0 comments

Loading commits...