1. Nat Sakimura
  2. Untitled project
  3. oauth-jwsreq
  4. Pull requests

Attempt to tweak the wording in JAR so that it is clear that a request URI produced by the AS (e.g., when using PAR) doesn't have to be a JWT

Merged
#3 · Created  · Last updated

Merged pull request

Merged in b_c/oauth-jwsreq (pull request #3)

  • 834e8ae
  • Author:
  • Closed by:
  • 2020-04-27

Description

Attempt to tweak the wording in JAR so that it is clear that, e.g., when using PAR, a request URI produced by the AS doesn't have to be a JWT. A number of approaches for this have been discussed at some length in various forums (see links) but the decision from the recent interim meeting was to look at making the change in JAR. So that's what this commit does.

https://github.com/oauthstuff/draft-oauth-par/issues/40
https://mailarchive.ietf.org/arch/msg/oauth/yMIwXcimzZ3FVRSJYRoF5Vczdng/
http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20200420/007739.html
https://datatracker.ietf.org/meeting/interim-2020-oauth-05/materials/minutes-interim-2020-oauth-05-202004201200

0 attachments

Loading commits...