Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Implementation Status

Brian Campbell <> Wed, 24 March 2021 20:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D28D63A033F for <>; Wed, 24 Mar 2021 13:38:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JrIK71GL-Ucv for <>; Wed, 24 Mar 2021 13:38:35 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EB42D3A02BE for <>; Wed, 24 Mar 2021 13:38:34 -0700 (PDT)
Received: by with SMTP id g8so26858919lfv.12 for <>; Wed, 24 Mar 2021 13:38:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AfEzYo5c3P8xm+a7MaOHgcI68DSOS8KtKaSdc9wSA7M=; b=cyNPxrQUnqZ5d7Cx46zgTbjOg7hWVcN9T4iZWJC4vZkNWDvTh7nJtvcPVghCZdDxje oJuYt6CKh0I20eb7N46Ct8etQm+p3S3iXct73hs6elHy/FFOJLUmE52EvsmhupTmOGZc ZQfrYwjiHpo/Z8DV4EXZHXh/gtZSTE1D5pNux4BAsnjH+tp6MzrR7ngk04u3XP6T357I kP/phaLFqSb4StzESUJbb0m462Ls/XtTysxE0G2KsqVWf8DPsB3LOLUR26ZQDnslBgyb fc2bm99ig70hBxAlizUMJtczvtiofeRGVV+6B3YY6MQNuNDKuTU5KHxPIBUAx+sX4+XG CzMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AfEzYo5c3P8xm+a7MaOHgcI68DSOS8KtKaSdc9wSA7M=; b=MHImAmzJ88jepCX+5J90H2mXG4hxWE9M0xN9yzPmLDZlMXMCGx0YyVN9XHgWwwAb8p O1yqeqlYDHA6YvcGgNx5FPVvr1vU1MkDyCWs9cUwZ87BLUo69PFfSCkG4HHuwAEDaluJ yVPA2kFnwIWtGADGRrIso8VdPBOTy3OlfPhTHFeAcn1MCBAlvErDl2fDjYNtFFonGOJA uxH4dFnXgnQSjlC+W1o9hR0GjjTvPW/tIEhd0jyRenTXfULzairtm2QTSXFOaeX3mSTH 8wwltc2iZk1AjWsU9i2XdsynzxjJXm/qj3/vBGUPL61+q9teq/Zz11sR4PQukd/LC9hq SXvA==
X-Gm-Message-State: AOAM533WBxRBWJ4e7Au/lAz5RKWi99Vb1ylpDfH71TU05v7FxKCrJdIq 5u948y4zcY5otge7MghxMEBHRyQVt12dmeTncEwn3ruZbI0UE4YapxUWRsKTQKdeoWGFQf6yXBQ J1/HnKPF8Nk6ZFbDNWyLZXg==
X-Google-Smtp-Source: ABdhPJwNfd9EnU1NyPZzWgUcou7NYDnC3CETyOLCBti5zvpTJM0352aeY57xRXAZq5Lph6Tp+cuL2gk+jK68ChnXrq4=
X-Received: by 2002:a05:6512:3ba4:: with SMTP id g36mr2808728lfv.376.1616618308005; Wed, 24 Mar 2021 13:38:28 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Brian Campbell <>
Date: Wed, 24 Mar 2021 14:38:01 -0600
Message-ID: <>
To: Hannes Tschofenig <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="000000000000fc890305be4e471e"
Archived-At: <>
Subject: Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Implementation Status
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Mar 2021 20:38:40 -0000

I pieced together an informal list of some implementations and usages for
an interim presentation last August. See slide 9 of
for that. The mention of PingFederate on there was in beta at the time but
has since been officially released - look for PAR at

Earlier today Taka mentioned a few other places PAR is being
including the OpenID conformance suite already having test cases for it.

On Wed, Mar 24, 2021 at 1:53 PM Hannes Tschofenig <>

> Hi all,
> I am working on the shepherd writeup and I need information about the
> implementation status of this specification.
> Can you share whether you are implementing, or planning to implement this
> specification? If there is open source, please drop a link to the mailing
> list. If you implement it in your product, please let us know as well.
> This information helps the steering committee to judge the quality and
> maturity of the work.
> Ciao
> Hannes
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> _______________________________________________
> OAuth mailing list

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._