AuthzServer/Backend
Server, so that the headers passed are not compromised.
This is a MOST common scenario in the real world. And we don’t want everyone to come
up with their own names for the header. There should be some kind of
standardization around the header names.
Regards
Vivek Biswas, CISSP
be an absolute URI or a String as well.
Regards
Vivek Biswas, CISSP
Consulting Member, Security
Oracle Corporation.
From: Denis [mailto:denis.i...@free.fr]
Sent: Tuesday, November 15, 2016 3:50 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] About Big Brother and
draft-campbell-oauth-res
PKCE256 becomes mandatory in that case. PKCE plain is prone to the same attack as
that of state or none.
Also PKCE256 should generate a new code challenge for every Authorization request.
-Vivek Biswas
Consulting Member@Security
Oracle.
From: ve7...@ve7jtb.com [mailto:ve7...@ve7jtb.com
Yes, indeed a nice job.
I have one question on the RFC.
Not sure where I can submit request for comments. Hence, adding to this email
thread
In the use-case mentioned below
The following is a non-normative example response for a token that
has been revoked or is otherwise invalid:
H
which
denote the On-behalf-of User.
For example, a Customer Representative trying to create a token on behalf of a
customer and trying to execute services specific for that specific customer.
Regards,
Vivek Biswas,
[CISSP]
Cisco Systems, Inc<http://www.cisco.com/>
Bldg. J, San Jose, USA,
Phone: +1