FYI: Our WG session got scheduled.
Begin forwarded message:
> From: IETF Secretariat
> Date: February 25, 2011 1:34:40 AM GMT+02:00
> To: hannes.tschofe...@gmx.net
> Cc: rom...@gmail.com, presn...@qualcomm.com, alexey.melni...@isode.com,
> stpe...@stpeter.im, session-requ...@ietf.org
> Subject
Q. Should an OAuth client app list the authorization server in the Origin
header of requests to resource servers?
In OAuth (delegation) flows a server dynamically issues credentials (such as a
bearer token) to a client app to use in subsequent HTTP requests to other
servers. To combat login c
Here's our Python implementation, ready to use. Any feedback welcome.
(Patches, too!)
https://github.com/progrium/pyjwt
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hannes,
Twilio's API is our product. Whatever we chose for cryptographic signing and
message serialization would have to be something that our users can
understand quickly and easily. In many cases, these users will have little
to no experience with some of these technologies. JWT is the closest t
I had all the java crypto routines (using Bouncycastle and lightcrypto
libraries) in the xmldap library already and only needed to re-package.
The jwt signature stuff is super simple.
Although I use ASN.1 in the xmldap library too (to extract icons from
X509 certificates) I think that ASN.1 is un
Hey Axel, Hi Jeff,
looking at your post regarding the JWT implementation I was wondering about one
aspect: You are providing an implementation in Java, Python, PHP, and Ruby.
Why didn't you implement a sub-set of the CMS implementation for signing
instead? Maybe you could have used existing l