Implement PAR #40

Closed
leastprivilege opened this issue Dec 11, 2020 · 11 comments · Fixed by #1460

Comments

@leastprivilege
Member

track https://tools.ietf.org/html/draft-ietf-oauth-par-04

@TobiasAhnoff

TobiasAhnoff commented Feb 3, 2021

Hi! From the presentation "OAuth 2.1" and beyond (as always a great presentation!), I got the impression that PAR was ready to use (even though it still is a draft), but now I realized that it is a planned feature. What are the plans for PAR?

@leastprivilege
Member Author

As soon as the spec is finalized, we will add it.

@TobiasAhnoff

Looking forward to that, thank you!

@leastprivilege leastprivilege added this to the 5.x milestone Apr 4, 2021
@bigheadedmonster

Really looking forward to this :)

@leastprivilege leastprivilege modified the milestones: 5.x, 6.0 Aug 23, 2021
@brockallen
Member

As part of this, we think it will be necessary to pass the full validated request to the redirect uri validator.

@bigheadedmonster

Getting access to the full validated request in the uri validator would be a welcome addition on its own :)

@brockallen brockallen modified the milestones: 6.0, 6.x Oct 28, 2021
@brockallen brockallen modified the milestones: 6.x, 6.1.0 Jan 18, 2022
@brockallen brockallen modified the milestones: 6.1.0, 6.2.0 Mar 31, 2022
@brockallen brockallen modified the milestones: 6.2.0, 6.3.0 Oct 19, 2022
@brockallen
Member

Some internal notes I jotted down:

1: validate on PAR endpoint (refactor from authZ validator)
2: bypass validation for valid PAR request URI on authZ EP
3: allow client to have per-request redirect_uri (only for confidential clients, JAR). maybe this means we add which params are validated to the request object, and then pass that along to the URI validator.

@bigheadedmonster

🥳

@brockallen brockallen modified the milestones: 6.3.0, Future, 7.x Jan 9, 2023
@bigheadedmonster

Any comments on a more precise date for the PAR feature for identity server? :)

@leastprivilege
Member Author

We postpone PAR in favour of DPoP.

DPoP will come in the next version, PAR the version after that.

@brockallen
Member

related: #983

@josephdecock josephdecock linked a pull request Nov 6, 2023 that will close this issue
josephdecock pushed a commit that referenced this issue Jan 2, 2025