Hi all!

I am reading through the latest draft ( ... dpop-02). When I got to the first example request (bullet 5.) I saw that only 'grant_type, code, redirect_uri' are used.
If I am not mistaken the recommendation is to generally use PKCE with an authorization_code flow. Therefore, I wondered if the example should also include a 'code_verifier'.

Thanks,
Sascha

On Mon, 8 Jul 2019 at 06:30, Daniel Fett <danielf+oa...@yes.com> wrote:
>
> All,
>
> In preparation for the meeting in Montreal, I just uploaded a new version of
> the DPoP draft:
> https://tools.ietf.org/html/draft-fett-oauth-dpop-02
>
> Please have a look and let me know what you think. We should make this a
> working group item soon.
>
> As you might have noticed, there is also a new version of the Security Best
> Current Practice draft:
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
>
> -Daniel
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth