[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Mon, 13 Oct 2025 15:26:12 -0700 



Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+3/-7/💬7)
 3 issues created:
 - 18 287 4576 (by pinesoelin6-lab)

   https://github.com/oauth-wg/oauth-transaction-tokens/issues/263 
 - 018874576 (by pinesoelin6-lab)
   https://github.com/oauth-wg/oauth-transaction-tokens/issues/262 
 - Review Acknowledgements Section (by PieterKas)
   https://github.com/oauth-wg/oauth-transaction-tokens/issues/260 


 4 issues received 7 new comments:
 - #262 018874576 (1 by pinesoelin6-lab)

   https://github.com/oauth-wg/oauth-transaction-tokens/issues/262 
 - #206 Relation of purpose to scope validated at API gateway (2 by gffletch, obfuscoder)
   https://github.com/oauth-wg/oauth-transaction-tokens/issues/206 
 - #205 purpose containing multiple space-delimited strings (3 by PieterKas, gffletch, obfuscoder)
   https://github.com/oauth-wg/oauth-transaction-tokens/issues/205 
 - #180 Is subject_token always Base64 URL format? (1 by PieterKas)
   https://github.com/oauth-wg/oauth-transaction-tokens/issues/180 


 7 issues closed:

 - 018874576 https://github.com/oauth-wg/oauth-transaction-tokens/issues/262 
 - Relation of purpose to scope validated at API gateway https://github.com/oauth-wg/oauth-transaction-tokens/issues/206 
 - purpose containing multiple space-delimited strings https://github.com/oauth-wg/oauth-transaction-tokens/issues/205 
 - Consider allowing "expires_in" parameter https://github.com/oauth-wg/oauth-transaction-tokens/issues/202 [WGLC Feedback] 
 - Server Authentication Clarification https://github.com/oauth-wg/oauth-transaction-tokens/issues/199 [WGLC Feedback] 
 - Client Authentication Mechanisms https://github.com/oauth-wg/oauth-transaction-tokens/issues/198 [WGLC Feedback] 
 - Allow Gateways to issue Tx-token to self without using RFC8693 https://github.com/oauth-wg/oauth-transaction-tokens/issues/189 [WGLC Feedback] [WGLC Discuss] 


* oauth-wg/oauth-sd-jwt-vc (+0/-0/💬3)
 2 issues received 3 new comments:
 - #323 Should `sd` `allowed` be used by issuers? (2 by babisRoutis, bc-pi)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/323 
 - #247 Potential Privacy implications of verifier knowing display information (1 by bc-pi)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked] 


* oauth-wg/draft-ietf-oauth-status-list (+0/-0/💬1)
 1 issues received 1 new comments:
 - #304 Feedback from AD review (1 by paulbastian)

   https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/304 


* oauth-wg/oauth-identity-assertion-authz-grant (+2/-0/💬10)
 2 issues created:
 - Discovering allowed Resource App (instances) for the logged in user (by 
dlozlla)

   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/52 
 - Support for Multi-Instance Apps (by dlozlla)
   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51 


 3 issues received 10 new comments:
 - #52 Discovering allowed Resource App (instances) for the logged in user (2 
by mcguinness, meghnadubey)

   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/52 
 - #51 Support for Multi-Instance Apps (7 by dlozlla, mcguinness)
   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51 
 - #39 Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG (1 by kamronbatman)
   https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39 




Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+1/-4/💬0)
 1 pull requests submitted:
 - Editorial updates (by PieterKas)

   https://github.com/oauth-wg/oauth-transaction-tokens/pull/261 


 4 pull requests merged:
 - Editorial updates

   https://github.com/oauth-wg/oauth-transaction-tokens/pull/261 
 - Remove prohibition on returning expires_in and scope
   https://github.com/oauth-wg/oauth-transaction-tokens/pull/259 
 - Allow for alternatives to RFC8693
   https://github.com/oauth-wg/oauth-transaction-tokens/pull/254 
 - Change to Standards Track from Informational
   https://github.com/oauth-wg/oauth-transaction-tokens/pull/257 


* oauth-wg/oauth-sd-jwt-vc (+0/-0/💬2)
 1 pull requests received 2 new comments:
 - #359 Proposal for recommendation for sd and how extended types use it (2 by 
babisRoutis, danielfett)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/359 


* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/💬1)
 1 pull requests received 1 new comments:
 - #146 DPoP Optimisation (1 by paulbastian)

   https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/146 



Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary

_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to