subject:"Re\: \[OAUTH\-WG\] DPoP 03 \- introspection \- token

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

2021-08-17 Thread Brian Campbell

Thanks Justin.

On Tue, Aug 17, 2021 at 8:58 AM Justin Richer  wrote:

> I think it can be a really simple mention as suggested here. I put it in a
> pull request:
>
> https://github.com/danielfett/draft-dpop/pull/72
>
> I was actually surprised to see that the `token_type` value wasn’t already
> required to be DPoP (case insensitive) so I added that, too.
>
>  — Justin
>
> On Aug 16, 2021, at 6:20 PM, Brian Campbell 
> wrote:
>
> Yeah, I believe that logically follows from the definition of token_type
> in introspection and RFC 6749.
>
> Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to
> be honest.
>
>
>
> On Mon, Aug 16, 2021 at 5:46 AM Justin Richer  wrote:
>
>> Yes, it should be. Good catch.
>>
>> -Justin
>> 
>> From: OAuth [oauth-boun...@ietf.org] on behalf of Vladimir Dzhuvinov [
>> vladi...@connect2id.com]
>> Sent: Sunday, August 15, 2021 12:02 PM
>> To: oauth@ietf.org
>> Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?
>>
>> The token introspection RFC defines the optional "token_type" member and
>> I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.
>>
>> https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
>>
>> Would it be sensible to mention that if the "token_type" gets set in a
>> introspection response, it must be "DPoP"?
>>
>> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2
>>
>> Vladimir
>>
>> --
>> Vladimir Dzhuvinov
>>
>>
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>
>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

2021-08-17 Thread Justin Richer

I think it can be a really simple mention as suggested here. I put it in a pull 
request:

https://github.com/danielfett/draft-dpop/pull/72 


I was actually surprised to see that the `token_type` value wasn’t already 
required to be DPoP (case insensitive) so I added that, too.

 — Justin

> On Aug 16, 2021, at 6:20 PM, Brian Campbell  
> wrote:
> 
> Yeah, I believe that logically follows from the definition of token_type in 
> introspection and RFC 6749. 
> 
> Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to be 
> honest. 
> 
> 
> 
> On Mon, Aug 16, 2021 at 5:46 AM Justin Richer  > wrote:
> Yes, it should be. Good catch. 
> 
> -Justin
> 
> From: OAuth [oauth-boun...@ietf.org ] on 
> behalf of Vladimir Dzhuvinov [vladi...@connect2id.com 
> ]
> Sent: Sunday, August 15, 2021 12:02 PM
> To: oauth@ietf.org 
> Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?
> 
> The token introspection RFC defines the optional "token_type" member and
> I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.
> 
> https://datatracker.ietf.org/doc/html/rfc7662#section-2.2 
> 
> 
> Would it be sensible to mention that if the "token_type" gets set in a
> introspection response, it must be "DPoP"?
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2 
> 
> 
> Vladimir
> 
> --
> Vladimir Dzhuvinov
> 
> 
> ___
> OAuth mailing list
> OAuth@ietf.org 
> https://www.ietf.org/mailman/listinfo/oauth 
> 
> 
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
> material for the sole use of the intended recipient(s). Any review, use, 
> distribution or disclosure by others is strictly prohibited.  If you have 
> received this communication in error, please notify the sender immediately by 
> e-mail and delete the message and any file attachments from your computer. 
> Thank you.

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

2021-08-16 Thread Brian Campbell

Yeah, I believe that logically follows from the definition of token_type in
introspection and RFC 6749.

Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to be
honest.



On Mon, Aug 16, 2021 at 5:46 AM Justin Richer  wrote:

> Yes, it should be. Good catch.
>
> -Justin
> 
> From: OAuth [oauth-boun...@ietf.org] on behalf of Vladimir Dzhuvinov [
> vladi...@connect2id.com]
> Sent: Sunday, August 15, 2021 12:02 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?
>
> The token introspection RFC defines the optional "token_type" member and
> I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.
>
> https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
>
> Would it be sensible to mention that if the "token_type" gets set in a
> introspection response, it must be "DPoP"?
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2
>
> Vladimir
>
> --
> Vladimir Dzhuvinov
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

2021-08-16 Thread Justin Richer

Yes, it should be. Good catch. 

-Justin

From: OAuth [oauth-boun...@ietf.org] on behalf of Vladimir Dzhuvinov 
[vladi...@connect2id.com]
Sent: Sunday, August 15, 2021 12:02 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] DPoP 03 - introspection - token_type?

The token introspection RFC defines the optional "token_type" member and
I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it.

https://datatracker.ietf.org/doc/html/rfc7662#section-2.2

Would it be sensible to mention that if the "token_type" gets set in a
introspection response, it must be "DPoP"?

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2

Vladimir

--
Vladimir Dzhuvinov

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

Re: [OAUTH-WG] DPoP 03 - introspection - token_type?

4 matches

Site Navigation

Mail list logo

Footer information