issues
search
aaronpk
/
oauth-first-party-apps
https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps
Other
9
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
DPoP Thoughts
#48
bc-pi
closed
4 months ago
2
DPoP Authorization Code Binding
#47
bc-pi
closed
4 months ago
4
PAR response w/ request_uri and PKCE doesn't quite work
#46
bc-pi
closed
4 months ago
5
error code vs error code
#45
bc-pi
closed
5 months ago
2
random stringo
#44
bc-pi
closed
8 months ago
2
Appendix A.2
#43
mattjm
closed
4 months ago
1
minor grammar/typo suggestions
#42
mattjm
closed
8 months ago
0
Client authentication requirements for authorization challenge endpoint
#41
aaronpk
closed
8 months ago
0
Add passkey example
#40
aaronpk
closed
8 months ago
0
Updates for issues #31, #33, #36
#39
gffletch
closed
8 months ago
0
Added support for redirecting to the web
#38
PieterKas
closed
8 months ago
1
Add user experience considerations
#37
PieterKas
closed
4 months ago
3
Add security consideration discouraging use of this spec in SPAs
#36
aaronpk
closed
8 months ago
2
Step-Up
#35
dteleguin
closed
8 months ago
5
Update references to DPoP (RFC 9449)
#34
aaronpk
closed
10 months ago
0
Client Authentication
#33
PieterKas
closed
8 months ago
4
Describe why not to return access token directly
#32
PieterKas
closed
8 months ago
0
Content Type
#31
PieterKas
closed
8 months ago
1
Add shelling out to the browser as a error code
#30
PieterKas
closed
8 months ago
2
First Party Native Apps in Browsers
#29
PieterKas
closed
8 months ago
4
OAuth FiPNA Enhancements
#28
corriganjeff
closed
10 months ago
0
Better name for "device session"
#27
aaronpk
closed
8 months ago
2
Added worked examples showing examples of the main use cases
#26
PieterKas
closed
1 year ago
0
Update reference to Native SSO
#25
aaronpk
closed
1 year ago
0
`auth_session` DPoP binding
#24
aaronpk
closed
8 months ago
3
Document token request
#23
aaronpk
closed
1 year ago
0
Write Introduction
#22
PieterKas
closed
1 year ago
1
Expand introduction
#21
aaronpk
closed
1 year ago
0
Add in user scenarios
#20
PieterKas
closed
1 year ago
1
Addressing issues #2, #3 and #10.
#19
gffletch
closed
1 year ago
0
Security Considerations: How to use DPoP for Native Apps
#18
PieterKas
closed
1 year ago
0
Describe how DPoP works with this spec
#17
aaronpk
closed
1 year ago
1
Web redirect options
#16
aaronpk
closed
8 months ago
3
Include non-normative examples in the Appendix
#15
PieterKas
closed
1 year ago
1
Need a non-normative example showing how the AS extends the spec to make it all work
#14
gffletch
closed
1 year ago
2
Authorization Challenge Request
#13
gffletch
closed
1 year ago
1
Is (e.g. password) the best choice in the Protocol Overview section
#12
gffletch
closed
1 year ago
1
Always require PKCE due to possibility of fallback to web redirect flow
#11
gffletch
closed
8 months ago
4
I don't think we should limit the spec to one app per platform
#10
gffletch
closed
1 year ago
3
Should we allow 3rd party apps as long as the only challenge method is passkey?
#9
gffletch
closed
1 year ago
1
How to layer DPoP on top of this flow
#8
PieterKas
closed
1 year ago
0
Be prescriptive on how client authentication is used
#7
PieterKas
closed
1 year ago
2
Clarify that mobile app starts the flow with this endpoint
#6
PieterKas
closed
1 year ago
1
Fallback to web, model on PAR
#5
PieterKas
closed
1 year ago
1
Added a figure to reflect the protocol description
#4
PieterKas
closed
1 year ago
0
OIDC compatibility
#3
PieterKas
closed
1 year ago
1
Response Mode
#2
PieterKas
closed
1 year ago
1
Name of challenge endpoint
#1
PieterKas
closed
1 year ago
1
Previous