Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect · Jul 22, 2020 · 2:48 PM UTC

Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect

Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect @darutk

22 Jul 2020

Another client type "credentialed", in addition to "public" and "confidential". The concept is being explained by Aaron (@aaronpk) in #osw2020. The OAuth 2.1 Authorization Framework tools.ietf.org/html/draft-pa…

Vladimir Dzhuvinov 🇪🇺 🇧🇬 · Jul 22, 2020 · 4:31 PM UTC

Vladimir Dzhuvinov 🇪🇺 🇧🇬 @dzhuvi

22 Jul 2020

How do you find the new "credentialed" term? Been wondering if a better name could be given to this in-between class of clients

Aaron Parecki · Jul 22, 2020 · 4:36 PM UTC

Aaron Parecki @aaronpk

22 Jul 2020

Suggestions welcome, but I like that it's pretty descriptive: "credentialed clients are clients that have credentials"

Vladimir Dzhuvinov 🇪🇺 🇧🇬 · Jul 22, 2020 · 4:42 PM UTC

Vladimir Dzhuvinov 🇪🇺 🇧🇬 @dzhuvi

22 Jul 2020

I can imagine a lot of thought was already spent on this :) Is a public client which uses a client certificate solely for the purpose of obtaining a private key bound token considered credentialed?

Aaron Parecki · Jul 22, 2020 · 4:46 PM UTC

Aaron Parecki · Jul 22, 2020 · 4:46 PM UTC

Aaron Parecki @aaronpk

22 Jul 2020

Replying to @dzhuvi @darutk

The text in the spec is "Clients that have credentials and their identity has been not been confirmed by the AS are designated as 'credentialed clients'", so that includes dynamic registration or the client bringing its own certificate, so yes :-)

Jul 22, 2020 · 4:46 PM UTC