Messages - 2.2.1 client_secret_jwt and private_key_jwt authentication methods
Issue #383
resolved
The current draft only allows the authentication to be used in a POST method. Should it be allowed to used the Header method also? Perhaps we should mention section 2.1 and 2.2 of Bearer Tokens?
Comments (3)
-
-
re
#383add reference to I-D.ietf.oauth-assertions. -
-
assigned issue to
- changed status to resolved
Addition of reference to assertion profile clarifies.
-
assigned issue to
- Log in to comment
The reference is to http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-01#section-2.2
Perhaps directly referencing http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.1 could be added, but too many references is also confusing.
This is not about the OAuth Bearer Token profile.