Closed: randomstuff closed 1 month ago
I will create a PR for people to review. @bc-pi asks the question whether these should be booleans indicating support or whether they are required. @aaronpk indicates that he doesn't believe that any current metadata parameters indicate REQUIRED.
I will also try to align the parameters with our existing metadata parameters for these topics.
I guess it would make sense to use properties which are similar to the existing AS metadata:
dpop_signing_alg_values_supported: A JSON array containing a list of the JWS alg values (from the [IANA.JOSE.ALGS] registry) supported by the authorization server for DPoP proof JWTs.
tls_client_certificate_bound_access_tokens OPTIONAL. Boolean value indicating server support for mutual-TLS client certificate-bound access tokens. If omitted, the default value is false.
Note: the last one does not really respect the traditional format of xxxx_supported.
It would be interesting for the resource server to declare support for:
The authorization server could use this information to detect that it can issue this type of access token for the target Resource Server.
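An added example, not code from this thread or from any specification: a sketch of how an authorization server could read the two properties proposed above from a resource server's metadata and decide which sender-constrained token type it can issue. The function names, the sample metadata, the preference for DPoP over mutual TLS and the bearer fallback are assumptions made for illustration.

```python
import json

# Constructed sample of resource server metadata; the two property names are
# the ones proposed in the thread, reused here as an assumption.
SAMPLE_RS_METADATA = json.dumps({
    "resource": "https://rs.example.com",
    "dpop_signing_alg_values_supported": ["ES256", "none", "HS256", "PS256"],
    "tls_client_certificate_bound_access_tokens": True,
})


def usable_dpop_algs(values):
    """Keep only string alg values that name an asymmetric signature."""
    if not isinstance(values, list):
        return []
    # DPoP proofs must not use "none" or a symmetric (HMAC) algorithm.
    return [a for a in values
            if isinstance(a, str) and a != "none" and not a.startswith("HS")]


def select_binding(rs_metadata_json, client_dpop_algs=(), client_has_mtls_cert=False):
    """Return ("dpop", alg), ("mtls", None) or ("bearer", None)."""
    meta = json.loads(rs_metadata_json)
    if not isinstance(meta, dict):
        raise ValueError("resource metadata must be a JSON object")
    # An omitted or non-boolean value counts as false, the stated default.
    mtls_ok = meta.get("tls_client_certificate_bound_access_tokens") is True
    rs_algs = usable_dpop_algs(meta.get("dpop_signing_alg_values_supported"))
    # Follow the resource server's order among algs the client also offers.
    common = [a for a in rs_algs if a in client_dpop_algs]
    if common:
        return ("dpop", common[0])
    if mtls_ok and client_has_mtls_cert:
        return ("mtls", None)
    # Hypothetical policy: fall back to an unbound token.
    return ("bearer", None)


if __name__ == "__main__":
    print(select_binding(SAMPLE_RS_METADATA, ["PS256", "ES256"]))
    print(select_binding(SAMPLE_RS_METADATA, ["HS256"], client_has_mtls_cert=True))
```

The strict `is True` check means a string such as "true" is not accepted as a declaration of support.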