A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Proof-of-Possession (PoP) Security
Architecture
Authors : Phil Hunt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Proof-of-Possession: Authorization Server
to Client Key Distribution
Authors
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Proof-Of-Possession Semantics for JSON Web Tokens
(JWTs)
Authors : Michael B. Jones
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : A Method for Signing an HTTP Requests for OAuth
Authors : Justin Richer
Changes in this version are:
·Added the Authentication Method Reference Values registry.
·Renamed the code_for_id_token grant type to
urn:ietf:params:oauth:grant-type:code-for-id-token to conform to Section 4.5 of
RFC 6749.
The end of section 2.2 talks about prompt=consent but the value is not
defined above.
Also, I don't understand the note about "pwd" being used by a service. In
which scenario would that happen?
Finally, what's the difference between providing several values for "amr"
with and without including "m
Thanks for your review, Thomas. The “prompt=consent” definition being missing
is an editorial error. It should be:
consent
The Authorization Server SHOULD prompt the End-User for consent before
returning information to the Client. If it cannot obtain consent, it MUST
return an error, typicall
