Refer to IANA "OAuth Token Endpoint Authentication Methods" instead of redefine?
bsriramprasad opened this issue · comments
Line 1251 in 3f5f67c
All the types defined in the above mentioned table are same as the one defined in the IANA
- Ref: https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method
Queries
- Should we refer the authentication types to IANA like we usually do for e.g. with Encoding types etc.,? this would also be future proof in some sense?
- Those IANA authentication types are brought in with "RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol", Ref: https://datatracker.ietf.org/doc/html/rfc7591#section-4.2. which otherwise are not mentioned at all in the original OAuth2.0 RFC 6749 that current ONVIF specification includes as normative reference.
- Should we include RFC7591 as may be an informative reference?
In latest VEWG Telco, its agreed that if there is a one to one mapping between types specified in JWT spec and IANA, its OK to refer the IANA spec, will submit the PR accordingly.
@HansBusch @sujithhanwha can this issue now be closed that there is a PR created off the back off the VE WG discussion.
Agree to close and discuss further in PR.
Already PR #390 is created for this issue. Closing this issue, based on request.
Further discussions will be managed in PR.