New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support OAuth DPoP #651
Comments
I'm excited to see the discussion around introducing DPoP support into the x/oauth2 package and I would love to start working on a prototype but I have a few questions and thoughts about the proposal that I hope you could help clarify @hickford
Your insights would be greatly appreciated. |
@adel-habib You can use this library for confidential or public clients. A client is confidential if it can keep the secret confidential. So server-side web apps are confidential clients. Native apps such as desktop apps are public clients. |
That's right. I overlooked that use case. |
Is anyone working on OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) support? RFC 9449 https://datatracker.ietf.org/doc/html/rfc9449 was published 2023.
Of course, the API will have to go through the Go change proposal process.
The text was updated successfully, but these errors were encountered: