Messages - Align Token endpoint Authentication with oauth-jwt-bearer

Comments (7)

1. 

   John Bradley reporter

   • changed status to open

   • 2011-11-17T19:23:02+00:00
2. 

   Former user Account Deleted

   Align how exactly? The clients could be issued any number of identities and secrets, which could be passed via BASIC or the form parameters or JWT or ...

   What exactly do we get by specifying a JWT style client auth? And doesn't the dynamic registration issue a client ID and optional secret, not a JWT?

   • 2011-11-17T19:44:47+00:00
3. 

   John Bradley reporter

   re #334 Messages - 2.2.1 make claims consistent with oauth-jwt-bearer

   → fcec13a24505

   • 2011-11-17T20:57:08+00:00
4. 

   John Bradley reporter

   • changed status to resolved

   Fix #334 Messages - Add example and reference.

   → 37b4530e633d

   • 2011-11-17T21:48:29+00:00
5. 

   Michael Jones

   • changed status to open

   I really doubt that this use of SAML was intended in the Messages spec: client_assertion_type=urn%3Aoasis%3Anames%sAtc%3ASAML%3A2.0%3Aassertion&

   Also, the “iat” usage should become “nbf” (Not Before), per the current JWT spec.

   • 2011-11-18T02:52:27+00:00
6. 

   John Bradley reporter

   • changed status to resolved

   Fix #334 Messages - fix example, change nonce to token id.

   → 6e27578ad51e

   • 2011-11-18T20:21:08+00:00
7. 

   Nat Sakimura

   • changed title to Messages - Align Token endpoint Authentication with oauth-jwt-bearer

   • 2012-02-11T04:35:20+00:00
8. Log in to comment