TLS for Grant Management Endpoint
The ID1 of Grant Management for OAuth 2.0 does not mention explicitly that the grant management endpoint should (or must) utilize TLS. If it is written explicitly, an authorization server implementation will be able to have a justifiable reason to prevent any non-https URI from being registered as a value for grant_management_endpoint.
cf. Excerpt from CIBA Core 1.0, 7. Backchannel Authentication Endpoint
Communication with the Backchannel Authentication Endpoint MUST utilize TLS. See Section 16.17 [OpenID.Core] for more information on using TLS.
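An added example, not part of the issue or of the specification: one way an authorization server implementation could refuse a non-https value for grant_management_endpoint before storing its metadata. The function names and the as.example.com URIs are assumptions made for illustration, and the host-presence check goes one step beyond the scheme check the issue asks for.

```python
from urllib.parse import urlsplit

# Metadata name taken from the issue text.
METADATA_KEY = "grant_management_endpoint"


def check_endpoint_uri(value):
    """Return the reasons to reject `value`; an empty list means accept."""
    if not isinstance(value, str) or not value:
        return ["value must be a non-empty string"]
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError as exc:  # e.g. an unterminated IPv6 literal
        return [f"not a parseable URI: {exc}"]
    problems = []
    # urlsplit lower-cases the scheme, so "HTTPS://" is treated as https.
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, expected 'https'")
    # Assumption beyond the issue text: a TLS endpoint needs a host to verify.
    if not host:
        problems.append("no host component")
    return problems


def register_metadata(metadata):
    """Hypothetical registration hook: validate the endpoint, then store a copy."""
    if METADATA_KEY in metadata:
        problems = check_endpoint_uri(metadata[METADATA_KEY])
        if problems:
            raise ValueError(f"{METADATA_KEY} rejected: " + "; ".join(problems))
    return dict(metadata)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    samples = [
        "https://as.example.com/grants",
        "HTTPS://as.example.com/grants",
        "http://as.example.com/grants",
        "https:/grants",
        "as.example.com/grants",
    ]
    for uri in samples:
        print(f"{uri!r}: {check_endpoint_uri(uri) or 'accepted'}")
```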
Comments (4)
- agreed, thanks!
- changed status to closed
  Introduce requirement for TLS, closes #446
  → <<cset 19652bde7f52>>
- Merged in stuart-low/require-tls-on-gm-api (pull request #293)
  Introduce requirement for TLS, closes #446
  Approved-by: Dima Postnikov
  Approved-by: Dave Tonge
  Approved-by: Nat Sakimura
  Approved-by: Joseph Heenan
  → <<cset fbbacad86a30>>
Authors agree, intent to add this statement.