paseto-standard / paseto-spec

Specification for Platform Agnostic SEcurity TOkens (PASETO)

OAuth2 Implementation #15

Open paragonie-security opened 2 years ago

paragonie-security commented 2 years ago

Moving from https://github.com/paragonie/paseto/issues/5

oojacoboo commented 1 year ago

Is there any insight into the requirements here? I'm assuming it's just a matter of conforming to an interface? Are there refresh considerations?

paragonie-security commented 1 year ago

Any forward motion here mostly depends on dealing with standards organizations, which is more political than technical.

oojacoboo commented 1 year ago

Can you please elaborate? How is an interface between paseto and oauth not sufficient for interoperability?

paragonie-security commented 1 year ago

First, we need a PASETO RFC with the IETF. This depends on an XChaCha RFC with the IETF.

Once both those hurdles are cleared, we then need to write a specification for using OAuth2 with PASETO for bearer tokens, so that companies can implement the specification.

We'd need to do the same with OpenID Connect.

None of these are technically challenging, but getting standards organizations to actually standardize anything? Purely inter-office politics.
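The bearer-token profile discussed in this thread, as an added example that is not part of the issue nor of the paseto-spec project's own code: a Go standard-library sketch of an authorization server issuing a PASETO v4.public access token and a resource server validating it out of an RFC 6750 Authorization header. The Pre-Authentication Encoding and the v4.public token layout follow the published spec; everything else is assumed for illustration and is not a proposed OAuth2 profile: the example URLs, key id and subject, the `scope` claim (not a PASETO registered claim), and the helper names Sign, Verify and BearerFromHeader. Refresh tokens are not shown.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

const header = "v4.public."     // version/purpose prefix; also the first PAE piece
var b64 = base64.RawURLEncoding // PASETO uses unpadded base64url

// pae is PASETO's Pre-Authentication Encoding, LE64(n) || LE64(len(p1)) || p1 || ...: length-prefixing each piece stops bytes being shifted between payload, footer and implicit assertion.
func pae(pieces ...[]byte) []byte {
	out := make([]byte, 8)
	binary.LittleEndian.PutUint64(out, uint64(len(pieces)))
	for _, p := range pieces {
		var n [8]byte
		binary.LittleEndian.PutUint64(n[:], uint64(len(p)))
		out = append(append(out, n[:]...), p...)
	}
	return out
}

// Claims is an assumed access-token claim set; exp is an RFC 3339 string, as PASETO's registered claims require.
type Claims struct {
	Issuer   string    `json:"iss"`
	Subject  string    `json:"sub"`
	Audience string    `json:"aud"`
	Expiry   time.Time `json:"exp"`
	TokenID  string    `json:"jti"`
	Scope    string    `json:"scope"` // assumed OAuth2 scope claim, not a PASETO registered claim
}

// Sign (authorization server): header || base64url(payload || Ed25519(PAE(header, payload, footer, implicit))) [|| "." || base64url(footer)]
func Sign(sk ed25519.PrivateKey, c Claims, footer, implicit []byte) (string, error) {
	m, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	sig := ed25519.Sign(sk, pae([]byte(header), m, footer, implicit))
	tok := header + b64.EncodeToString(append(m, sig...))
	if len(footer) > 0 {
		tok += "." + b64.EncodeToString(footer)
	}
	return tok, nil
}

// Verify (resource server): reject anything but v4.public, check the signature over the same PAE, then enforce iss, aud and exp.
func Verify(pk ed25519.PublicKey, token string, implicit []byte, issuer, audience string, now time.Time) (*Claims, error) {
	if !strings.HasPrefix(token, header) {
		return nil, errors.New("unsupported version or purpose")
	}
	parts := strings.Split(token[len(header):], ".")
	body, err := b64.DecodeString(parts[0])
	var footer []byte
	if len(parts) == 2 && err == nil {
		footer, err = b64.DecodeString(parts[1])
	}
	if len(parts) > 2 || err != nil || len(body) < ed25519.SignatureSize {
		return nil, errors.New("malformed token")
	}
	m, sig := body[:len(body)-ed25519.SignatureSize], body[len(body)-ed25519.SignatureSize:]
	if !ed25519.Verify(pk, pae([]byte(header), m, footer, implicit), sig) {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	if err := json.Unmarshal(m, &c); err != nil {
		return nil, err
	}
	if c.Issuer != issuer || c.Audience != audience {
		return nil, errors.New("issuer or audience mismatch")
	}
	if !now.Before(c.Expiry) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// BearerFromHeader extracts the token from an RFC 6750 "Authorization: Bearer <token>" header (scheme matched case-sensitively here).
func BearerFromHeader(h string) (string, bool) {
	tok := strings.TrimSpace(strings.TrimPrefix(h, "Bearer "))
	return tok, tok != "" && strings.HasPrefix(h, "Bearer ")
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(nil) // constructed keypair; a real resource server would pin kid -> pk
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	c := Claims{Issuer: "https://as.example", Subject: "user-123", Audience: "https://api.example", Expiry: now.Add(10 * time.Minute), TokenID: "constructed-jti-1", Scope: "read:orders"}
	tok, _ := Sign(sk, c, []byte(`{"kid":"constructed-key-1"}`), nil) // footer carries the assumed key id
	fmt.Println("Authorization: Bearer " + tok)
	raw, _ := BearerFromHeader("Bearer " + tok)
	_, err := Verify(pk, raw, nil, "https://as.example", "https://api.example", now.Add(time.Hour))
	fmt.Println("same token an hour later:", err)
}
```

The resource server side does the three things a bearer-token profile would have to pin down: it refuses any version or purpose other than the one it is configured for, it checks the signature before reading a single claim, and it enforces iss, aud and exp itself instead of trusting the payload. Running main prints a constructed Authorization header and then shows the same token being rejected once exp has passed.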