Re: [OAUTH-WG] Implementation Status of "JWT Secured Authorization Request (JAR)"

Dominick Baier <> Tue, 22 September 2020 05:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8FA4D3A13A8 for <>; Mon, 21 Sep 2020 22:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TQSxDmHNfAsp for <>; Mon, 21 Sep 2020 22:32:36 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 142D83A13AB for <>; Mon, 21 Sep 2020 22:32:35 -0700 (PDT)
Received: by with SMTP id j2so18237881ioj.7 for <>; Mon, 21 Sep 2020 22:32:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:in-reply-to:references:mime-version:date:message-id:subject:to; bh=bss7A8OUqAMeuN66IqPfpn7gHSfOEqMbC3F0n6RfZEY=; b=Ue1O2+doUx0DGjpl6gKjPdnFBaVJYO3/ESLukZNsNRwt3HmW6LWck0VbopCNKjuYmz lFFO0dVgeAzLEB/FkfM7SZA9Q/LLXOJTML7kOTPCP/rfg1jMh+jXSOEoLG2v9PnKMroo zMUF8BSLerTfH/q9hzD5XC8ReInCbLBViFq9XlwwfvO1AzUbHRwSl1iNB9DRuwavvgmg PgpnlMqIrMa1QT+d5i5uBytsSby2wK3IAWPMETEYMhxacjz4VWYMYgYyJKNxX4D0evig yzadAdjGjL4AfDsT//vpchllxOpFW2IcPTJzY/goAwRO9TqrZm2noZUSfrSHZrSl5JTF Fi3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to; bh=bss7A8OUqAMeuN66IqPfpn7gHSfOEqMbC3F0n6RfZEY=; b=TUQQQWCR9jCxlFiABoPwrMJ5uGKSZRRmyQjjEIRUXhuMoDr0XP0lCaurWckl2e8GEu eCW37sDhsCLWEc4g70g/TN9HLd1lBUbajL7y7fxTURpEBDATP7hO2WyYkTwsFi6R3c0s KXNREyfCXHUcG2ztmw78OkpWQ92LRnmQaVDS8T6DT3GcSgj++FTyUIlUPEbZgdKy5kDD mjn/xT6ta1e/ZsS3slwgpq3WO/0rsvCO8PrPA8CAz8fpMc73xCRDvH2NJBdCf6d+IQIc 84Xpq+b33D7yQzzF8gU2/9OMjcAXpL2DxNKVtUzI2YNcfN3MeQL0nMhNBp1Mi43ZcPr4 bQ6A==
X-Gm-Message-State: AOAM530xWpgoAHyQKdH2zW28h3uMACAYAh5vpGOKmKGK5ldjAAUSNgey C7tVwqJxEIL2VobMeXsTk3MnIlttSq3FF9ub0S+5O1ut4k3+
X-Google-Smtp-Source: ABdhPJyd1PUwcSrV2+KMyeXDa4lxwiJfAPNZW6TwVoMhwebzAFZSYVSL5g3qrcqAWc96AOhQpTVTFuLl2dNBxK/eYiU=
X-Received: by 2002:a05:6602:2f07:: with SMTP id q7mr2217875iow.191.1600752755088; Mon, 21 Sep 2020 22:32:35 -0700 (PDT)
Received: from 1058052472880 named unknown by with HTTPREST; Tue, 22 Sep 2020 01:32:34 -0400
From: Dominick Baier <>
In-Reply-To: <>
References: <>
MIME-Version: 1.0
Date: Tue, 22 Sep 2020 01:32:34 -0400
Message-ID: <>
To: Hannes Tschofenig <>, "" <>
Content-Type: multipart/alternative; boundary="00000000000057342f05afe04bac"
Archived-At: <>
Subject: Re: [OAUTH-WG] Implementation Status of "JWT Secured Authorization Request (JAR)"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 22 Sep 2020 05:32:39 -0000

Also IdentityServer implements JAR

Dominick Baier

On 21. September 2020 at 21:22:17, Hannes Tschofenig ( wrote:

Hi all

Because some procedural issues I have to update the shepherd writeup of the
JAR document and I wanted to verify whether the implementations listed in
(copied below) are still inline with the latest version of (given the changes
the document has gone through*).

----- List of implementations -----

As part of the OpenID Foundation certification program the following

implementations of OpenID Connect Core indicate support for this


* CZ.NIC mojeID,

* Thierry Habart's SimpleIdentitySever v.2.0.0,

* Roland Hedberg's pyoidc 0.7.7,

* Peercraft ApS's Peercarft,

* MIT's MITREidConnect,

* Gluue Server 2.3,

* Filip Skokan's node-oidc pre supports.

Authlete (, a commerical, closed source

server implementation, has also implemented this specification and

is offering it.

There is an open source implementation from NRI in PHP and Scala.

NRI's Open Source PHP:




PS: List of changes from the current draft to the one when I wrote my
shepherd writeup:

IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose the
contents to any other person, use it for any purpose, or store or copy the
information in any medium. Thank you.
OAuth mailing list