Re: [OAUTH-WG] OAuth Discovery metadata values added for revocation, introspection, and PKCE

Thanks Mike, the updated spec looks good!

I have a question related to PKCE:

The PKCE spec seems to imply that an AS may require public clients to
use a code challenge:

https://tools.ietf.org/html/rfc7636#section-4.4.1

If an AS has such a policy in place, how is this to be advertised? Or is
that supposed to the enforced when the client gets registered (there are
no reg params for that at present)?

On 28/01/16 19:27, Mike Jones wrote:
> The OAuth Discovery specification has been updated to add metadata values for revocation<http://tools.ietf.org/html/rfc7009>, introspection<http://tools.ietf.org/html/rfc7662>, and PKCE<http://tools.ietf.org/html/rfc7636>.  Changes were:
>
> *       Added "revocation_endpoint_auth_methods_supported" and "revocation_endpoint_auth_signing_alg_values_supported" for the revocation endpoint.
>
> *       Added "introspection_endpoint_auth_methods_supported" and "introspection_endpoint_auth_signing_alg_values_supported" for the introspection endpoint.
>
> *       Added "code_challenge_methods_supported" for PKCE.
>
> The specification is available at:
>
> *       http://tools.ietf.org/html/draft-jones-oauth-discovery-01
>
> An HTML-formatted version is also available at:
>
> *       http://self-issued.info/docs/draft-jones-oauth-discovery-01.html
>
>                                                           -- Mike
>
> P.S.  This note was also published at http://self-issued.info/?p=1531 and as @selfissued<https://twitter.com/selfissued>.
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
Vladimir Dzhuvinov

Re: [OAUTH-WG] OAuth Discovery metadata values added for revocation, introspection, and PKCE

Attachment: smime.p7s