[Openid-specs-ab] OpenID Connect Key Binding :: Proposed WG Item

Dick Hardt dick.hardt at gmail.com
Thu Aug 21 14:09:12 UTC 2025


The change of adding a `code` claim in the DPoP JWT was pushed out earlier
today.

On Fri, Aug 15, 2025 at 2:54 PM Dick Hardt <dick.hardt at gmail.com> wrote:

> Based on feedback from Filipe in the call, I'm proposing that the RP
> includes the `code` value as an additional claim in the DPoP JWT, and that
> the OP verifies it matches the `code` value in the token request. (changing
> from overriding the `nonce` claim)
>
> I'll make this change to the proposed doc early next week unless
> someone has a different proposal. We can then review this on the call
> Thursday next week.
>
> On Mon, Aug 11, 2025 at 5:26 PM Dick Hardt <dick.hardt at gmail.com> wrote:
>
>> Hey
>>
>> Ethan and I are offering the attached document as a contribution to the
>> Connect WG.
>>
>> Mike / Nat: is there room on the agenda this coming Thursday to discuss?
>>
>> For those of you that don't know him, Ethan worked on OpenPubkey
>> <https://www.bastionzero.com/openpubkey> and now works at Cloudflare.
>>
>> There is very little new normative language in this spec. We are building
>> on the great work done by:
>>
>> Daniel Fett
>> Brian Campbell
>> John Bradley
>> Torsten Lodderstedt
>> Michael Jones
>> David Waite
>>
>>
>> in
>>
>>  RFC9449 - OAuth 2.0 Demonstrating Proof of Possession
>> <https://datatracker.ietf.org/doc/html/rfc9449>
>>
>> and profiling it for OpenID Connect.
>>
>> Here is the repo where you can file issues / comments / PRs
>>
>> https://github.com/dickhardt/openid-key-binding
>>
>> /Dick and Ethan
>>
>>
>>
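The check proposed in this thread, sketched for the OP side as an added example; it is not code from the thread or from the proposed spec. The function names, the `https://op.example/token` endpoint, the ES256-only policy and the 60-second `iat` window are assumptions, the other proof checks follow RFC 9449, and `jti` replay tracking is left to the caller.

```javascript
// Added example (not from the thread or the draft spec): OP-side DPoP proof check.
const nodeCrypto = require('node:crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const P1363 = 'ieee-p1363'; // JWS ES256 signatures are raw r||s, not DER

// RP side, constructed only so the example runs offline: sign an ES256 proof.
function makeProof(privateKey, publicJwk, claims) {
  const input = `${enc({ typ: 'dpop+jwt', alg: 'ES256', jwk: publicJwk })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: P1363 });
  return `${input}.${sig.toString('base64url')}`;
}

// OP side: returns 'ok' or the rejection reason. `req` is the parsed token request.
function checkProof(proof, req, now = Math.floor(Date.now() / 1000)) {
  const [h, c, s, extra] = proof.split('.');
  let header, claims, valid;
  try {
    if (!s || extra !== undefined) return 'malformed';
    header = dec(h); claims = dec(c);
    if (claims === null || typeof claims !== 'object') return 'malformed';
    const jwk = header.jwk || {};
    if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256') return 'bad header';
    if (jwk.kty !== 'EC' || jwk.crv !== 'P-256' || 'd' in jwk) return 'bad jwk';
    const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
    valid = nodeCrypto.verify('sha256', Buffer.from(`${h}.${c}`),
      { key, dsaEncoding: P1363 }, Buffer.from(s, 'base64url'));
  } catch { return 'malformed'; }
  if (!valid) return 'bad signature';
  if (claims.htm !== 'POST' || claims.htu !== req.tokenEndpoint) return 'wrong htm/htu';
  if (typeof claims.iat !== 'number' || Math.abs(now - claims.iat) > 60) return 'stale';
  // The check from the thread: the `code` claim must equal the `code` in the token request.
  if (typeof claims.code !== 'string' || typeof req.code !== 'string') return 'code missing';
  const a = Buffer.from(claims.code), b = Buffer.from(req.code);
  if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) return 'code mismatch';
  return 'ok';
}

{ // Constructed sample run: the same proof against a matching and a different code.
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const req = { tokenEndpoint: 'https://op.example/token', code: 'constructed-code-1' };
  const proof = makeProof(privateKey, publicKey.export({ format: 'jwk' }),
    { jti: nodeCrypto.randomUUID(), htm: 'POST', htu: req.tokenEndpoint,
      iat: Math.floor(Date.now() / 1000), code: req.code });
  console.log(checkProof(proof, req), '/', checkProof(proof, { ...req, code: 'constructed-code-2' }));
}
```

Because the `code` claim sits inside the signed payload, a proof minted for one authorization code is rejected when presented with another.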