Changes for [rfc8705] OAuth
Closed this issue · 1 comments
mrtn78 commented
I (Heiko Hudig) have made an overview of the changes for [rfc8705] OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
Subject | Section | Original text | New text |
---|---|---|---|
mTLS | A.1 Normative references https://logius-standaarden.github.io/OAuth-NL-profiel/#normative-references | New | [rfc8705] OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. J. Bradley, B. Campbell, N. Sakimura, T. Lodderstedt, Standards Track. URL: https://www.rfc-editor.org/rfc/rfc8705 |
mTLS | 2.1.1 Full Client with User Delegation https://logius-standaarden.github.io/OAuth-NL-profiel/#full-client-with-user-delegation | credentials (private_key_jwt) | credentials (private_key_jwt or tls_client_auth [rfc8705]) |
mTLS | 3.1.2 Client authentication https://logius-standaarden.github.io/OAuth-NL-profiel/#client-authentication | The authorization server MUST enforce client authentication as described above for the authorization code and client credentials grant types. Public client cannot authenticate to the authorization server. The authorization server MUST validate all redirect URIs for authorization code. | The authorization server MUST enforce client authentication as described above for the authorization code and client credentials grant types. Public client cannot authenticate to the authorization server. The authorization server MUST validate all redirect URIs for authorization code. One of the following client authentication types MUST be used: private_key_jwt or tls_client_auth [rfc8705] |
mTLS | 2.3.3 Requests to the Token Endpoint https://logius-standaarden.github.io/OAuth-NL-profiel/#requests-to-the-token-endpoint | defined by the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [[RFC7523](https://logius-standaarden.github.io/OAuth-NL-profiel/#bib-rfc7523)] only using the private_key_jwt method defined in [OpenID Connect Core] [OpenID.Core] | defined by the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [[RFC7523](https://logius-standaarden.github.io/OAuth-NL-profiel/#bib-rfc7523)] using either the private_key_jwt method defined in [OpenID Connect Core] [OpenID.Core] or the tls_client_auth method defined in [rfc8705] |
mTLS | 3.1.5 Discovery - https://logius-standaarden.github.io/OAuth-NL-profiel/#discovery | "token_endpoint_auth_methods_supported": [ "private_key_jwt", ], | "token_endpoint_auth_methods_supported": [ "private_key_jwt", "tls_client_auth" ], |
mTLS | 5.1 Proof of Possession Tokens - https://logius-standaarden.github.io/OAuth-NL-profiel/#proof-of-possession-tokens | e.g. using an private_key_jwt | e.g. using an private_key_jwt or tls_client_auth [rfc8705] |
mrtn78 commented
Today these improvements were discussed in the WG Security (WG beveiliging) and it was decided to still include them in version 1.1.