Commit 71c398a

Merge pull request #217 from panva/7523bis
reference 7523 updates
2 parents 6f86507 + 8adb018 commit 71c398a

1 file changed

+7
-3
lines changed

draft-ietf-oauth-v2-1.md

Lines changed: 7 additions & 3 deletions
@@ -102,6 +102,7 @@ informative:
102102
RFC9470:
103103
I-D.bradley-oauth-jwt-encoded-state:
104104
I-D.ietf-oauth-browser-based-apps:
105+
I-D.ietf-oauth-rfc7523bis:
105106

106107
OpenID:
107108
title: OpenID Connect Core 1.0
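Review bot: Keeping the new entry under `informative:` is the right call and matches the surrounding entries (RFC9470 and the two existing I-D references use the same bare-key form); all three citations in this patch are parenthetical pointers placed next to {{RFC7523}}, so an unpublished draft should not become a normative dependency of the spec. Note that the key carries no version suffix, so the reference will resolve to the latest revision of draft-ietf-oauth-rfc7523bis at each build, which is the usual intent while the draft is still changing but should be revisited before publication.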
@@ -530,7 +531,8 @@ defined to communicate the expiration of a refresh token to the client.
530531
### Client Credentials
531532

532533
The client credentials or other forms of client authentication
533-
(e.g., a private key used to sign a JWT, as described in {{RFC7523}})
534+
(e.g., a private key used to sign a JWT, as described in {{RFC7523}}
535+
and its update {{I-D.ietf-oauth-rfc7523bis}})
534536
can be used as an authorization grant when the authorization scope is
535537
limited to the protected resources under the control of the client,
536538
or to protected resources previously arranged with the authorization
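Review bot: Line 535 describes the I-D as an "update" to RFC 7523, and that wording will need to change once draft-ietf-oauth-rfc7523bis is published as an RFC; consider an RFC Editor note asking for the I-D citation to be replaced with the RFC number at publication so the text is not left pointing at an expired draft. Splitting the parenthetical across lines 534-535 is fine, since the closing parenthesis stays with the final citation and the sentence reads cleanly when the source lines are joined.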
@@ -1023,7 +1025,8 @@ form of client authentication meeting its security requirements
10231025

10241026
It is RECOMMENDED to use asymmetric (public-key based) methods for
10251027
client authentication such as mTLS {{RFC8705}} or using signed JWTs
1026-
("Private Key JWT") in accordance with {{RFC7521}} and {{RFC7523}}
1028+
("Private Key JWT") in accordance with {{RFC7521}}, {{RFC7523}},
1029+
and their update {{I-D.ietf-oauth-rfc7523bis}}
10271030
(in {{OpenID}} defined as the client authentication method `private_key_jwt`).
10281031
When such methods for client authentication are used, authorization
10291032
servers do not need to store sensitive symmetric keys, making these
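Review bot: "their update" on line 1029 asserts that draft-ietf-oauth-rfc7523bis updates RFC 7521 as well as RFC 7523, while line 535 in the earlier hunk calls it the update to RFC 7523 alone; check the draft's Updates header and, if it only updates RFC 7523, reword so the two passages make the same claim, for example `("Private Key JWT") in accordance with {{RFC7521}} and {{RFC7523}}, as updated by {{I-D.ietf-oauth-rfc7523bis}}`.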
@@ -1118,7 +1121,8 @@ mapping between the client identifier (registration record) and
11181121
authentication scheme.
11191122

11201123
Some additional authentication methods such as mTLS {{RFC8705}}
1121-
and Private Key JWT {{RFC7523}} are defined in the
1124+
and Private Key JWT ({{RFC7523}}, {{I-D.ietf-oauth-rfc7523bis}})
1125+
are defined in the
11221126
"[OAuth Token Endpoint Authentication Methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method)" registry,
11231127
and may be useful as generic client authentication methods beyond
11241128
the specific use of protecting the token endpoint.
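Review bot: This third citation site uses a bare parenthetical pair, ({{RFC7523}}, {{I-D.ietf-oauth-rfc7523bis}}), whereas lines 535 and 1029 spell out the relationship as "its update" / "their update"; pick one form for all three so a reader consistently sees that the I-D updates rather than replaces RFC 7523. Also, after the change on lines 1124-1125 the sentence still says these methods "are defined in the ... registry", so the parenthetical now reads as a competing definition source; if the RFCs are meant as background for the registry entry, "(see {{RFC7523}} and {{I-D.ietf-oauth-rfc7523bis}})" would make that clearer.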
