- changed status to open
Messages - Align Token endpoint Authentication with oauth-jwt-bearer
Align Token endpoint Authentication with oauth-jwt-bearer
Comments (7)
-
reporter -
Account Deleted Align how exactly? The clients could be issued any number of identities and secrets, which could be passed via BASIC or the form parameters or JWT or ...
What exactly do we get by specifying a JWT style client auth? And doesn't the dynamic registration issue a client ID and optional secret, not a JWT?
-
reporter re
#334Messages - 2.2.1 make claims consistent with oauth-jwt-bearer -
reporter - changed status to resolved
Fix
#334Messages - Add example and reference. -
- changed status to open
I really doubt that this use of SAML was intended in the Messages spec: client_assertion_type=urn%3Aoasis%3Anames%sAtc%3ASAML%3A2.0%3Aassertion&
Also, the “iat” usage should become “nbf” (Not Before), per the current JWT spec.
-
reporter - changed status to resolved
Fix
#334Messages - fix example, change nonce to token id. -
- changed title to Messages - Align Token endpoint Authentication with oauth-jwt-bearer
- Log in to comment