Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

bluesky-social / atproto-website Public

Notifications You must be signed in to change notification settings
Fork 147
Star 241

Code
Issues 29
Pull requests 5
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth Spec Follow-Ups #339

Open

12 tasks

bnewbold opened this issue Sep 16, 2024 · 0 comments

Open

12 tasks

OAuth Spec Follow-Ups #339

bnewbold opened this issue Sep 16, 2024 · 0 comments

Labels

specs

Comments

Copy link

Contributor

bnewbold commented Sep 16, 2024 •

edited

Loading

Copying over specific comments and points from the OAuth spec draft for follow-up conversation.

token revocation: both a client best-practice and something servers would need to support (must? should?) Draft OAuth Spec #326 (comment)
native app / localhost flow follow-ups
strict client_uri, tos_uri, policy_uri: same-origin? require iframe-able, HTTP 200 (not redirect)? Draft OAuth Spec #326 (comment)
should we allow data: for logo_uri? Draft OAuth Spec #326 (comment)
should the AS auth interface render account info (handle, profile avatar) if the user supplied a raw DID for login? Draft OAuth Spec #326 (comment)
clarify role of state in param in linking overall session identifier at end of flow (?) Draft OAuth Spec #326 (comment)
emphasis around when sub identity check is "more" important: Draft OAuth Spec #326 (comment)
case sensitivity of some values. Draft OAuth Spec #326 (comment)
clarify terms around loopback interface. Draft OAuth Spec #326 (comment)
discuss importance of verifying iss response param in more places. Draft OAuth Spec #326 (comment)
reuse of code during auth flow resulting in AS rejecting older/existing session/token: should vs must Draft OAuth Spec #326 (comment)
Recommend that native apps do not use DNS to resolve identity during OAuth #348

The text was updated successfully, but these errors were encountered:

All reactions

bnewbold mentioned this issue

Draft OAuth Spec #326

Merged

5 tasks

bnewbold added the specs label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

No one assigned

Labels

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.