Post · bonfire.cafe

Post

Ooooh! ID-JAG or OAuth Identity Assertion JWT Authorization Grants looks interesting: https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-01.html

#oauth

Screenshot summarizing the flow for this grant from the linked internet draft document.

Box464

@box464@mastodon.social replied · last month

@thisismissem I’ve never seen someone Oooh over oauth. 😅 I’m happy to see it tho.

Emelia 👸🏻

@thisismissem@hachyderm.io replied · last month

@box464 I'm _that_ type of girl.

Also:
- https://www.ietf.org/archive/id/draft-ietf-oauth-attestation-based-client-auth-07.html
- https://www.rfc-editor.org/rfc/rfc7521.html#section-6.1

Mike P

@FenTiger@mastodon.social replied · last month

@thisismissem This sequence diagram is _exactly_ the "some kind of token exchange" idea I was banging on about on Discord a few weeks ago.

Very interesting indeed to see that there's a proper spec for it. Now I'll have to look at it & work out how similar it is to my WIP implementation.

Henryk Plötz

@henryk@chaos.social replied · last month

@thisismissem Ahh, the fundamental theorem of software engineering: "Any problem in computer science can be solved with another layer of indirection, except of course for the problem of too many indirections." -- David J. Wheeler

Emelia 👸🏻

@thisismissem@hachyderm.io replied · last month

@henryk it's interesting for certain use cases and workloads.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-beta.35 no JS en

Automatic federation enabled