Open paragonie-security opened 2 years ago
Is there any insight into the requirements here? I'm assuming it's just a matter of conforming to an interface? Are there refresh considerations?
Any forward motion here mostly depends on dealing with standards organizations, which is more political than technical.
Can you please elaborate? How is an interface between PASETO and OAuth not sufficient for interoperability?
First, we need a PASETO RFC with the IETF. This depends on an XChaCha RFC with the IETF.
Once both those hurdles are cleared, we then need to write a specification for using OAuth2 with PASETO for bearer tokens, so that companies can implement the specification.
We'd need to do the same with OpenID Connect.
None of these are technically challenging, but getting standards organizations to actually standardize anything? Purely inter-office politics.
Moving from https://github.com/paragonie/paseto/issues/5