
OAuth2 Implementation

Open paragonie-security opened this issue 4 years ago • 5 comments

Moving from https://github.com/paragonie/paseto/issues/5

Sep 07 '21 20:09 paragonie-security

Is there any insight into the requirements here? I'm assuming it's just a matter of conforming to an interface? Are there refresh considerations?

Oct 27 '22 01:10 oojacoboo

Any forward motion here mostly depends on dealing with standards organizations, which is more political than technical.

Oct 30 '22 05:10 paragonie-security

Can you please elaborate? How is an interface between paseto and oauth not sufficient for interoperability?

Oct 30 '22 05:10 oojacoboo

First, we need a PASETO RFC with the IETF. This depends on an XChaCha RFC with the IETF.

Once both those hurdles are cleared, we then need to write a specification for using OAuth2 with PASETO for bearer tokens, so that companies can implement the specification.

We'd need to do the same with OpenID Connect.

None of these are technically challenging, but getting standards organizations to actually standardize anything? Purely inter-office politics.

Nov 02 '22 20:11 paragonie-security