[OAUTH-WG] OAuth Device Flow is now RFC 8628

The OAuth Device Flow specification (recently renamed to be the OAuth 2.0 Device Authorization Grant specification) is now RFC 8628. The abstract describes the specification as: The OAuth 2.0 device authorization grant is designed for Internet-connec

Re: [OAUTH-WG] Question regarding draft-ietf-oauth-jwt-introspection-response-05

Hi Remco, > On 6. Aug 2019, at 16:01, Schaar, R.M. (Remco) - Logius > wrote: > > Hello, > > I would like to request the OAuth2 working group on a clarification for > introspection, in particular regarding the semantics of the ‘jti’ and ‘aud’ > claims. The draft ‘JWT Response for OAuth Token

[OAUTH-WG] Info on how to implement a server

What’s the WG consensus (heh) on the best guide to adding OAUTH support to an existing server so that it can act as an identity provider? Which version of oauth is most widely deployed by relying parties these days? I want to add OAUTH support to the IETF datatracker. Thanks for any pointers.

Re: [OAUTH-WG] Info on how to implement a server

The openID Connect kind of OAuth server. OAuth on its own is not designed to be secure for identity federation. John B. On 8/17/2019 1:23 PM, Salz, Rich wrote: > > What’s the WG consensus (heh) on the best guide to adding OAUTH > support to an existing server so that it can act as an identity >

Re: [OAUTH-WG] Info on how to implement a server

indeed OAuth != identity see https://oauth.net/articles/authentication/ Hans. On Sat, Aug 17, 2019 at 8:31 PM John Bradley wrote: > The openID Connect kind of OAuth server. > > OAuth on its own is not designed to be secure for identity federation. > > John B. > On 8/17/2019 1:23 PM, Salz, Rich