clarified fields versus claims and IANA registry name #92
@@ -542,7 +542,7 @@ Txn-Tokens SHOULD NOT be logged if they contain Personally Identifiable Informat | |||
|
|||
# IANA Considerations {#IANA} | |||
|
|||
This specification registers the following claims defined in Section {{txn-token-header}} to the OAuth Access Token Types Registry defined in {{RFC6749}}, and the following claims defined in Section {{txn-token-claims}} in the IANA JSON Web Token Claims Registry defined in {{RFC7519}} | |||
This specification registers the following field defined in Section {{txn-token-header}} to the OAuth Access Token Types Registry defined in {{RFC6749}}, and the following claims defined in Section {{txn-token-claims}} in the IANA JSON Web Token Claims Registry defined in {{RFC7519}} |
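Review bot: "field" on the changed line is still not the term used for an entry in a JWT header; RFC 7515 calls these Header Parameters, so "the following Header Parameter defined in Section {{txn-token-header}}" would be more precise than "the following field". The sentence also still ends at "{{RFC7519}}" with no terminal punctuation, and "registers ... to the OAuth Access Token Types Registry" would read more consistently as "registers ... in", matching "in the IANA JSON Web Token Claims Registry" in the second half of the same sentence.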
Lots to unpack here that goes beyond changing one word...
The referenced section `{{txn-token-header}}` is JWT Header which calls headers claims. Headers are not claims. Also the value of the `typ` header is supposed to be a media type so the `txn_token` value probably isn't quite right and the registration for it below certainly isn't right. Also the `urn:ieft:params:oauth:token-type:txn-token` URI is missing a registration and the Txn-Token Request section that defines it has some major formatting issues.
Some related reading, issues, and examples of these things being done in other specs follows:
#84
https://www.rfc-editor.org/rfc/rfc7515#section-4.1.9
https://www.rfc-editor.org/rfc/rfc7519#section-5.1
https://www.rfc-editor.org/rfc/rfc8725.html#name-use-explicit-typing
https://datatracker.ietf.org/doc/html/rfc9068#name-header
https://www.rfc-editor.org/rfc/rfc9449.html#name-dpop-proof-jwt-syntax
https://www.rfc-editor.org/rfc/rfc7519.html#section-10.2
I'm pulling out the misuse of the "typ" Header Parameter as a separate issue so that it can be discussed on its own.