Thanks Aaron and Brian. It is very useful to have this defined. Cheers
Pieter On Wed, Oct 8, 2025 at 11:52 AM Lombardo, Jeff <jeffsec= [email protected]> wrote: > Interesting and straight forward indeed. > > > > *Jean-François “Jeff” Lombardo* | Amazon Web Services > > > > Architecte Principal de Solutions, Spécialiste de Sécurité > Principal Solution Architect, Security Specialist > Montréal, Canada > > *Commentaires à propos de notre échange? **Exprimez-vous **ici* > <https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$> > *.* > > > > *Thoughts on our interaction? Provide feedback **here* > <https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$> > *.* > > > > *From:* Aaron Parecki <[email protected]> > *Sent:* October 8, 2025 2:22 PM > *To:* OAuth WG <[email protected]> > *Subject:* [EXT] [OAUTH-WG] DPoP for the OAuth Device Authorization Grant > > > > *CAUTION*: This email originated from outside of the organization. Do not > click links or open attachments unless you can confirm the sender and know > the content is safe. > > > > *AVERTISSEMENT*: Ce courrier électronique provient d’un expéditeur > externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous > ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas > certain que le contenu ne présente aucun risque. > > > > Hi all, > > > > I recently was asked how to use DPoP with the Device Authorization Grant, > which seemed like a straightforward question to answer. So I went to look > at the DPoP spec to look for something I could point to, and was surprised > to find no mention of it at all. There was, however, a mention of how to > use DPoP with Pushed Authorization Requests, which is conceptually similar. > > > > It seemed relatively straightforward in my head to connect the dots > between DPoP and the Device Grant, but it was never actually written down > for others. So I took some time to put this together with Brian: > > > > https://datatracker.ietf.org/doc/html/draft-parecki-oauth-dpop-device-flow > > > > --- > > Aaron Parecki > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
