Hi all, I recently was asked how to use DPoP with the Device Authorization Grant, which seemed like a straightforward question to answer. So I went to look at the DPoP spec to look for something I could point to, and was surprised to find no mention of it at all. There was, however, a mention of how to use DPoP with Pushed Authorization Requests, which is conceptually similar.
It seemed relatively straightforward in my head to connect the dots between DPoP and the Device Grant, but it was never actually written down for others. So I took some time to put this together with Brian: https://datatracker.ietf.org/doc/html/draft-parecki-oauth-dpop-device-flow --- Aaron Parecki
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
