Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: MTLS and in-browser clients using the token endpoint

Justin Richer <jricher@mit.edu> Tue, 05 February 2019 15:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/FOhlMot-sKQq0lvKQ1FacJY0SaY>

+1 to David. If it’s a redirect, 307 is more appropriate. It’s up to the AS to decide if the client should do MTLS or not, if there’s an option.

— Justin

On Feb 4, 2019, at 12:17 PM, David Waite <david@alkaline-solutions.com> wrote:

My understanding is that a permanent redirect would be telling the client (and any other clients getting cached results from an intermediary) to now stop using the original endpoint in perpetuity for all cases. I don’t think that is appropriate (in the general case) for an endpoint with request processing business logic behind it, since that logic may change over time.

-DW

On Feb 4, 2019, at 6:28 AM, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:

Yeah, probably.

On Sat, Feb 2, 2019 at 12:39 AM Neil Madden <neil.madden@forgerock.com> wrote:
If we go down the 307 route, shouldn’t it rather be a 308 (permanent) redirect? It seems unnecessary for the client to keep trying the original endpoint or have to remember cache-control/expires timeouts.

— Neil
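
The difference the thread turns on, as an added example that is not part of the original messages: a simulated token-endpoint client that follows a 307 for the current request only but remembers a 308, run against a simulated AS whose redirect policy later changes. The endpoint URLs, the setup in which the plain token endpoint redirects to an MTLS one, and all names are assumptions constructed for illustration.

```javascript
// Constructed, offline simulation; URLs and names are hypothetical.
const TOKEN = "https://as.example/token";
const MTLS_TOKEN = "https://mtls.as.example/token";

// Simulated AS: the plain token endpoint answers with the redirect status
// its current policy dictates, or processes the request itself.
function makeServer(redirectStatus) {
  return {
    redirectStatus,
    hits: [],
    handle(url, method, body) {
      this.hits.push(url);
      if (url === TOKEN && this.redirectStatus) {
        return { status: this.redirectStatus, location: MTLS_TOKEN };
      }
      return { status: 200, endpoint: url, method, body };
    },
  };
}

// Client: 307 and 308 both replay the POST unchanged; only 308 is remembered.
class TokenClient {
  constructor(server) {
    this.server = server;
    this.permanent = new Map(); // original URL -> permanently redirected URL
  }
  post(url, body) {
    let target = this.permanent.get(url) || url;
    for (let hop = 0; hop < 3; hop++) {
      const res = this.server.handle(target, "POST", body);
      if (res.status !== 307 && res.status !== 308) return res;
      if (res.status === 308) this.permanent.set(url, res.location);
      target = res.location;
    }
    throw new Error("too many redirects");
  }
}

// Two token requests, with the AS dropping its redirect in between.
function scenario(status) {
  const server = makeServer(status);
  const client = new TokenClient(server);
  const body = "grant_type=client_credentials"; // constructed request body
  const first = client.post(TOKEN, body);
  server.redirectStatus = null; // AS business logic changes
  const second = client.post(TOKEN, body);
  return { first, second, hits: server.hits };
}
```

With 307 the second request reaches the original endpoint and sees the changed policy; with 308 it goes straight to the remembered location and never asks the original endpoint again.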
