The issue I see with sticking with the DPoP token_type is that from a
roll_out perspective, ALL resource servers must be updated to support
the new scheme and only then can the DPoP deployment start. For any wide
ecosystem deployment that can be problematic. I don't have any great
We still have some of the three-hour workshop/tutorial slots open.
If you're interested to give a workshop/tutorial, please submit a
proposal here:
https://docs.google.com/forms/d/e/1FAIpQLSfqHnsKRodCWom4j4f7j791gnoaz2XLTOTiGCv4F_Wl9cNQSQ/viewform
-Daniel
Am 31.05.20 um 17:52 schrieb Daniel
HiĀ Hannes,
Let us start by the last argument of this email which is copied below:
Finally, there are still two questions that have been raised but
which have not yet been answered at this time:
* how can a client request a JWT compliant to /this/ profile, and
* how can a
