Interesting and straight forward indeed. Jean-François “Jeff” Lombardo | Amazon Web Services
Architecte Principal de Solutions, Spécialiste de Sécurité Principal Solution Architect, Security Specialist Montréal, Canada Commentaires à propos de notre échange? Exprimez-vous ici<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. Thoughts on our interaction? Provide feedback here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. From: Aaron Parecki <[email protected]> Sent: October 8, 2025 2:22 PM To: OAuth WG <[email protected]> Subject: [EXT] [OAUTH-WG] DPoP for the OAuth Device Authorization Grant CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque. Hi all, I recently was asked how to use DPoP with the Device Authorization Grant, which seemed like a straightforward question to answer. So I went to look at the DPoP spec to look for something I could point to, and was surprised to find no mention of it at all. There was, however, a mention of how to use DPoP with Pushed Authorization Requests, which is conceptually similar. It seemed relatively straightforward in my head to connect the dots between DPoP and the Device Grant, but it was never actually written down for others. So I took some time to put this together with Brian: https://datatracker.ietf.org/doc/html/draft-parecki-oauth-dpop-device-flow --- Aaron Parecki
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
