A number of refinements have been applied to the DPoP specification. As recorded in the History entries, they are:
- Editorial updates
- Attempt to more formally define the DPoP Authorization header scheme
- Define the 401/WWW-Authenticate challenge
- Added invalid_dpop_proof error code for DPoP errors in token request
- Fixed up and added to the IANA section
- Added dpop_signing_alg_values_supported authorization server metadata
- Moved the Acknowledgements into an Appendix and added a bunch of names (best effort)
Thanks to Brian Campbell for doing the editing for this round.
The specification is available at:
Leave a Reply
You must be logged in to post a comment.