Zdeněk Černý
Zdeněk Černý
@jandusil please test and close if not relevant as suggested by @banterCZ .
For the record this is caused by Base64URL is used as an encoding. The FIDO2 tester should transform the data to a proper encoding. Transfering the issue.
Discussion with @petrdvorak required before implementation.
Hello @jgrandja , The scenario for the Token Exchange of `id_token` is as follows: - A user initiates standard login flow, e.g., via Code Authorization, and uses scope openid and...
I see an ID token as my digitally signed identity, so the newsletter server receives some data signed by the authorization server that can be trusted for this purpose. I...
Hello, let's look at it this way: If I want to have another IDToken with fewer claims I need to: - Log user with client A, - get access token...
Hello, The flow is nothing off-spec. The spec clearly allows to exchange ID Tokens: https://datatracker.ietf.org/doc/html/rfc8693#name-token-type-identifiers We can call the exchange of `urn:ietf:params:oauth:token-type:jwt` as completely custom, exchange of `urn:ietf:params:oauth:token-type:id_token` is well...
I'm sorry we did not provide consistent requests. We will try to put it together to avoid misunderstanding. I haven't described the client switching clearly. I was trying to make...
Put on technical grooming agenda.
I'm leaving it open on purpose. But the optimistic locking like: `update pa_operation set status = 3 where status = 1 and id in (...)` is fine, and ensure that...