Hi all, I’ve given the Additional Hash Algorithms for OAuth 2.0 PKCE and
Proof-of-Possession draft a review:

Adding some additional definitions for terms used (such as BASE64URL, SHA-512,
etc.) to align with prior text would be useful.
- Raised https://github.com/panva/draft-oauth-additional-hashes/issues/3
- The issue includes some suggested text to align the definitions with
  those defined in PKCE

Some concerns jumped out at me around the behaviour of the ath_methods
parameter and its relationship to the dpop_access_token_hash_methods_supported
claim. Specifically, their alignment and the optionality of the ath_methods
parameter. I’ve detailed these in the following issues:
- https://github.com/panva/draft-oauth-additional-hashes/issues/4
- https://github.com/panva/draft-oauth-additional-hashes/issues/5

Also added support to
https://github.com/panva/draft-oauth-additional-hashes/issues/2 in favour of
allowing co-existence for migration purposes.

Aside from the above, I am happy with the document.

Thanks,
Michael Fraser