Re: [OAUTH-WG] Transaction Tokens issuance in the absence of incoming token

Hello Atul, As an alternative to Token Exchange and separate (new) endpoint, have you ever considered OAuth 2.0 Extension Grants ? This could give us more flexibility as will let us define our own set of input parameters and validation rul

Re: [OAUTH-WG] Transaction Tokens issuance in the absence of incoming token

Thanks very much for your feedback, Joe! On Wed, Apr 3, 2024 at 10:16 AM Joseph Salowey wrote: > Hi Atul, > > I'm just starting to review the transaction tokens draft and have only a > minimal understanding of the token exchange document at this point so I'm > lacking a little background, but I

Re: [OAUTH-WG] WGLC for OAuth 2.0 Protected Resource Metadata

Apologies, I just noticed an unfinished sentence in my prior message (embarrassing but I guess I started to write it and then changed my mind but neglected to remove it). Anyway, "And FWIW the jwks_uri metadata parameter seems well en" should have been deleted or just gone on to say something like

[OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-06.txt

Internet-Draft draft-ietf-oauth-cross-device-security-06.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Cross-Device Flows: Security Best Current Practice Authors: Pieter Kasselman Daniel Fett Filip Skokan

[OAUTH-WG] First-party apps - my comments

Below are my comments to draft-parecki-oauth-first-party-apps-01.  I tried but didn’t manage to use the ietf-comment tool to automatically open issues, sorry about that. You may have better luck there. Thanks,    Yaron  # Yaron Sheffer's comments on draft-parecki-oauth-first-party-apps-