Open sameerag opened 1 year ago
A server may also return a new BPoP nonce on any 200 response.
why only 200? why it cannot be any response. We get first nonce via 401
Refers to: BindingContext/explainer.md:173 in bec12c8. [](commit_id = bec12c85762993aac874d80ae385b8e0e1e458c0, deletion_comment = False)
A server may also return a new BPoP nonce on any 200 response.
why only 200? why it cannot be any response. We get first nonce via 401
Refers to: BindingContext/explainer.md:173 in bec12c8. [](commit_id = bec12c8, deletion_comment = False)
I think it is in-reference to piggy backing on regular oath flows, that BPoP-Nonce can be attached to any successful oauth response, and not specifically requested. @will-bartlett can clarify more.
Added support for the below:
Edited the Explainer to add:
refresh-in
support for background nonce renewalexpires-in
support to reduce key verification frequencyadaptation considerations
andkey management considerations
Added a new document (similar content but format more friendly for a W3 explainer)
Pending: