Re: [OAUTH-WG] DPoP - Downgrades, Transitional Rollout & Mixed Token Type Deployments

Francis Pouatcha Sun, 07 Jun 2020 08:03:19 -0700

On Sun, Jun 7, 2020 at 10:18 AM Nov Matake <mat...@gmail.com> wrote:

> private_key_jwt and mTLS can be sender PoP method for code too.
>
>
Yes,correct thanks for pointing this out: So we have
code :
  -> sender : Client
  -> consumer : AS
  -> sender PoP :
       --> confidential client: [code_verifier (PKCE)  AND [
private_key_jwt XOR mTLS ] ]
       --> public client:  code_verifier (PKCE) AND ?


refresh_token :
  -> sender : Client
  -> consumer : AS
  -> sender PoP :
       --> confidential client: private_key_jwt, mTLS
       --> public client:  DPoP AND ?

access_token :
  -> presenter : Client
  -> consumer : RS
  -> sender PoP :
       --> confidential client: private_key_jwt, mTLS
       --> public client:  DPoP AND ?

@Daniel Fett <f...@danielfett.de>  I still have some question marks in
here. Am I missing anything?
-- 
Francis Pouatcha
Co-Founder and Technical Lead at adorys
https://adorsys-platform.de/solutions/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] DPoP - Downgrades, Transitional Rollout & Mixed Token Type Deployments

Reply via email to