On Sun, Jun 7, 2020 at 10:18 AM Nov Matake <mat...@gmail.com> wrote: > private_key_jwt and mTLS can be sender PoP method for code too. > > Yes,correct thanks for pointing this out: So we have code : -> sender : Client -> consumer : AS -> sender PoP : --> confidential client: [code_verifier (PKCE) AND [ private_key_jwt XOR mTLS ] ] --> public client: code_verifier (PKCE) AND ?
refresh_token : -> sender : Client -> consumer : AS -> sender PoP : --> confidential client: private_key_jwt, mTLS --> public client: DPoP AND ? access_token : -> presenter : Client -> consumer : RS -> sender PoP : --> confidential client: private_key_jwt, mTLS --> public client: DPoP AND ? @Daniel Fett <f...@danielfett.de> I still have some question marks in here. Am I missing anything? -- Francis Pouatcha Co-Founder and Technical Lead at adorys https://adorsys-platform.de/solutions/
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth