Ryo Ito

icon indicating a website link https://ritou.hatenablog.com/ icon indicating an email [email protected]

Results 4 issues of Ryo Ito

Make Client authentication extensible and support client_secret_jwt

4 comment

### Abstract There are several types of Client authentication defined for use when making a request to the Token Endpoint in OAuth 2.0. These are named "client_secret_basic", "client_secret_post", "client_secret_jwt", etc....

stale:discard

[auth] Add OAuth2 state param for csrf protection

As you all know, in the Authorization Request of OAuth 2.0, it is recommended to use the state parameter as CSRF countermeasure. https://developers.google.com/identity/protocols/OAuth2WebServer However, Identity beginners may use your sample...

cla: yes

Description of the registration flow of the generated public key

In the current documentation(v0.1) I can't find any mention of how to get the DID by registering the SIOP generated public key. RP can do that in advance, but SIOP...

Prohibition of using OAuth for user authentication

Despite the specification explicitly stating "This is an Authorization Framework" as of OAuth 2.0, some Authorization Server/Resource Server and many Client developers have been using this for the purpose of...