Aaron Parecki
I actually had a long discussion with a few folks about this last month, and we came to the conclusion that while this is a better design, ultimately DCR was...
I've now heard of a few implementations creating a list of allowed redirect URIs that can be used in Dynamic Client Registration. That seems like a creative hack that accomplishes...
You did point this out in 2021 :joy: https://github.com/oauth-wg/oauth-v2-1/issues/26#issuecomment-771281328
We need AS metadata to tell clients what kind of clients it supports: OAuth 2.1 clients, or both clients. If the parameter doesn't exist, clients can assume the server only...
* There are multiple ways someone might want to migrate clients
* How do I support both 2.0 and 2.1 clients at the same time
* How do I not...
Clarify `aud` values that should be accepted in `private_key_jwt` at the token (and other) endpoints
I think we can just point at the updated language in RFC7523bis now rather than trying to recreate it here, yea?
Many servers have either unlimited length refresh tokens or refresh tokens with a dynamic expiration date. In any case, the client can't do anything useful with the knowledge of the...
* The client has to handle the case of a refresh token expiring at any given time, the expiry is up to the AS, and can be scheduled or at...
Did this file get renamed? I don't see any trace of `AttestationController` in the code anymore except for the mention in the README