@PieterKas
Collaborator

See issue #134

@PieterKas PieterKas requested a review from tulshi as a code owner September 27, 2024 16:03
Collaborator

@gffletch gffletch left a comment

Looks good

* `grant_type` REQUIRED. The value MUST be set to `urn:ietf:params:oauth:grant-type:token-exchange`
* `audience` REQUIRED. The value MUST be set to the Trust Domain name
* `grant_type` REQUIRED. The value MUST be set to `urn:ietf:params:oauth:grant-type:token-exchange`.
* `audience` REQUIRED. The value of the aud claim MUST remain unchanged in a replacement Txn-Token to prevent the Txn-Token from being accepted outside it's current Trust Domain.
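
Review bot: The new `audience` bullet drops the requirement that the value MUST be set to the Trust Domain name and replaces it with a rule about replacement Txn-Tokens, so the bullet no longer tells the requester what value to send. Suggest keeping the original constraint in this parameter list and stating the unchanged-aud rule where replacement tokens are described. In the same line, "aud" is not in code formatting like the parameter names around it, and "it's current Trust Domain" should read "its current Trust Domain".
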
Collaborator

This is in the "Txn-Token Request" section. Do we need to talk about replacement here, or should we have that language in the "Creating Replacement Txn-Tokens" section? We perhaps already have this there. Also, if you delete the "value MUST be set to the Trust Domain name", then we don't have that constraint listed anywhere else. We should make sure we have that specified somewhere if we want to remove it from here.

Collaborator Author

@PieterKas PieterKas Oct 4, 2024

When the aud claim is initially defined, it is constrained to the trust domain. Agreed this is in the wrong section. Thanks for catching that. Reading the section on the replacement transaction tokens, it states that the sub and aud values must remain unchanged. It may be enough to have the constraint explained in the original definition, so just removing this.

@tulshi tulshi linked an issue Oct 3, 2024 that may be closed by this pull request
@tulshi tulshi merged commit 3ec3804 into main Oct 4, 2024
2 checks passed
@tulshi tulshi deleted the PieterKas-patch-2 branch October 4, 2024 21:24
Successfully merging this pull request may close these issues.

Clarify why the "aud" claim remains unchanged
