add iss authorisation response parameter

oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs

https://oauth.net/2.1/

Other

53 stars 27 forks source link

add iss authorisation response parameter #46

Closed tlodderstedt closed 2 years ago

tlodderstedt commented 3 years ago

The Security BCP is going to recommend the iss response parameter as mix-up defense.

https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/19/files

I think we should consider to add this parameter to OAuth 2.1.

aaronpk commented 3 years ago

At the interim meeting it was discussed to revisit this topic once the iss draft reaches RFC status.

aaronpk commented 2 years ago

At IETF 113 it was agreed to fold in guidance on using the iss parameter by including an example in the spec and referencing RFC 9207 for the full details.

minutes