John Bradley and I collaborated to create the second OAuth 2.0 Mix-Up Mitigation draft. Changes were:
- Simplified by no longer specifying the signed JWT method for returning the mitigation information.
- Simplified by no longer depending upon publication of a discovery metadata document.
- Added the “state” token request parameter.
- Added examples.
- Added John Bradley as an editor.
The specification is available at:
An HTML-formatted version is also available at: