Logius-standaarden / OAuth-NL-profiel

Kennisplatform API's Dutch OAuth profile
https://logius-standaarden.github.io/OAuth-NL-profiel/

Changes for [rfc8705] OAuth #42

Closed mrtn78 closed 6 months ago

mrtn78 commented 7 months ago

I (Heiko Hudig) have made an overview of the changes for [rfc8705] OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.

| Subject | Section | Original text | New text |
|---|---|---|---|
| mtls | A.1 Normative references (https://logius-standaarden.github.io/OAuth-NL-profiel/#normative-references) | (new) | [rfc8705] OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. J. Bradley, B. Campbell, N. Sakimura, T. Lodderstedt. Standards Track. URL: https://www.rfc-editor.org/rfc/rfc8705 |
| mtls | 2.1.1 Full Client with User Delegation (https://logius-standaarden.github.io/OAuth-NL-profiel/#full-client-with-user-delegation) | credentials (private_key_jwt) | credentials (private_key_jwt or tls_client_auth [rfc8705]) |
| mtls | 3.1.2 Client authentication (https://logius-standaarden.github.io/OAuth-NL-profiel/#client-authentication) | The authorization server MUST enforce client authentication as described above for the authorization code and client credentials grant types. Public client cannot authenticate to the authorization server. The authorization server MUST validate all redirect URIs for authorization code. | The authorization server MUST enforce client authentication as described above for the authorization code and client credentials grant types. Public client cannot authenticate to the authorization server. The authorization server MUST validate all redirect URIs for authorization code. One of the following client authentication types MUST be used: private_key_jwt or tls_client_auth [rfc8705] |
| mtls | 2.3.3 Requests to the Token Endpoint (https://logius-standaarden.github.io/OAuth-NL-profiel/#requests-to-the-token-endpoint) | defined by the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://logius-standaarden.github.io/OAuth-NL-profiel/#bib-rfc7523) only using the private_key_jwt method defined in [OpenID Connect Core] [OpenID.Core] | defined by the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://logius-standaarden.github.io/OAuth-NL-profiel/#bib-rfc7523) using either the private_key_jwt method defined in [OpenID Connect Core] [OpenID.Core] or the tls_client_auth method defined in [rfc8705] |
| mtls | 3.1.5 Discovery (https://logius-standaarden.github.io/OAuth-NL-profiel/#discovery) | `"token_endpoint_auth_methods_supported": [ "private_key_jwt", ],` | `"token_endpoint_auth_methods_supported": [ "private_key_jwt", "tls_client_auth" ],` |
| mtls | 5.1 Proof of Possession Tokens (https://logius-standaarden.github.io/OAuth-NL-profiel/#proof-of-possession-tokens) | e.g. using a private_key_jwt | e.g. using a private_key_jwt or tls_client_auth [rfc8705] |

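The table above changes the profile's discovery metadata (section 3.1.5) and client-authentication rules (section 3.1.2) so that only `private_key_jwt` or `tls_client_auth` are acceptable at the token endpoint. The following is an added example, not code from the profile or from this issue: a small checker that reads an authorization server metadata document and reports any `token_endpoint_auth_methods_supported` entry outside the profile's two permitted methods, shown against a constructed weak document (`client_secret_basic` only) and a constructed conforming one. The issuer and endpoint URLs are made up; the `tls_client_certificate_bound_access_tokens` metadata field is the one RFC 8705 section 3.3 defines, but treating its absence as a warning is this example's own assumption, since the issue text does not require it.

```python
import json

# Client authentication methods the profile's new text allows at the token
# endpoint: private_key_jwt (OpenID Connect Core) and tls_client_auth (RFC 8705).
# Everything else, for example client_secret_basic, is out of profile.
PROFILE_AUTH_METHODS = {"private_key_jwt", "tls_client_auth"}

# Constructed discovery documents (not from the page): one with the weak
# setting and one matching the profile's proposed 3.1.5 text.
WEAK_METADATA_JSON = """{
  "issuer": "https://as.example.nl",
  "token_endpoint": "https://as.example.nl/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic"]
}"""

CONFORMING_METADATA_JSON = """{
  "issuer": "https://as.example.nl",
  "token_endpoint": "https://as.example.nl/token",
  "token_endpoint_auth_methods_supported": ["private_key_jwt", "tls_client_auth"],
  "tls_client_certificate_bound_access_tokens": true
}"""


def check_metadata(metadata: dict) -> dict:
    """Check a parsed authorization server metadata document against the
    profile's client-authentication rules.

    Returns {"errors": [...], "warnings": [...]}; an empty "errors" list
    means the document conforms to the proposed text."""
    errors, warnings = [], []
    methods = metadata.get("token_endpoint_auth_methods_supported")
    if not isinstance(methods, list) or not methods:
        errors.append("token_endpoint_auth_methods_supported is missing or empty")
        return {"errors": errors, "warnings": warnings}
    # Every advertised method must be one the profile permits.
    for method in methods:
        if method not in PROFILE_AUTH_METHODS:
            errors.append(f"auth method '{method}' is not allowed by the profile")
    # And at least one permitted method must actually be offered.
    if not PROFILE_AUTH_METHODS & set(methods):
        errors.append("neither private_key_jwt nor tls_client_auth is offered")
    # RFC 8705 section 3.3: the server advertises certificate-bound access
    # tokens with this boolean. The issue does not require it, so reporting
    # its absence as a warning is an assumption of this example.
    if "tls_client_auth" in methods and metadata.get(
        "tls_client_certificate_bound_access_tokens"
    ) is not True:
        warnings.append(
            "tls_client_auth offered without tls_client_certificate_bound_access_tokens: true"
        )
    return {"errors": errors, "warnings": warnings}


def check_metadata_json(document: str) -> dict:
    """Parse a discovery document and check it. Malformed JSON, such as the
    trailing comma in the profile's original 3.1.5 snippet, is an error."""
    try:
        metadata = json.loads(document)
    except json.JSONDecodeError as exc:
        return {"errors": [f"metadata is not valid JSON: {exc.msg}"], "warnings": []}
    return check_metadata(metadata)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_METADATA_JSON), ("conforming", CONFORMING_METADATA_JSON)):
        print(name, check_metadata_json(doc))
```

Run it as a script to see both verdicts; in practice you would feed it the JSON fetched from the server's `.well-known` metadata URL and fail a deployment check whenever the `errors` list is non-empty.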

mrtn78 commented 7 months ago

Today in the security WG these improvements were discussed and it was decided to still include them in version 1.1.