Skip to content

Commit

Permalink
feat(DPoP): remove experimental flag, DPoP is now RFC9449
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Sep 8, 2023
1 parent 5930821 commit 89d133e
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 20 deletions.
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ _Note that not all features are enabled by default, check the configuration sect
- [`RFC9101` - OAuth 2.0 JWT-Secured Authorization Request (`JAR`)][jar]
- [`RFC9126` - OAuth 2.0 Pushed Authorization Requests (`PAR`)][par]
- [`RFC9207` - OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response][iss-auth-resp]
- [`RFC9449` - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)][dpop]
- [Financial-grade API Security Profile 1.0 - Part 2: Advanced (`FAPI 1.0`)][fapi]
- [JWT Secured Authorization Response Mode for OAuth 2.0 (`JARM`)][jarm]
- [OIDC Client Initiated Backchannel Authentication Flow (`CIBA`)][ciba]
Expand All @@ -48,7 +49,6 @@ The following draft specifications are implemented by oidc-provider:

- [JWT Response for OAuth Token Introspection - draft 10][jwt-introspection]
- [Financial-grade API: Client Initiated Backchannel Authentication Profile (`FAPI-CIBA`) - Implementer's Draft 01][fapi-ciba]
- [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`) - draft 11][dpop]

Updates to draft specification versions are released as MINOR library versions,
if you utilize these specification implementations consider using the tilde `~` operator in your
Expand Down Expand Up @@ -129,7 +129,7 @@ actions and i.e. emit metrics that react to specific triggers. See the list of a
[jwt-introspection]: https://tools.ietf.org/html/draft-ietf-oauth-jwt-introspection-response-10
[sponsor-auth0]: https://a0.to/try-auth0
[mtls]: https://www.rfc-editor.org/rfc/rfc8705.html
[dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-11
[dpop]: https://www.rfc-editor.org/rfc/rfc9449.html
[resource-indicators]: https://www.rfc-editor.org/rfc/rfc8707.html
[jarm]: https://openid.net/specs/oauth-v2-jarm.html
[jwt-at]: https://www.rfc-editor.org/rfc/rfc9068.html
Expand Down
7 changes: 2 additions & 5 deletions docs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -850,12 +850,9 @@ _**default value**_:

### features.dPoP

[draft-ietf-oauth-dpop-11](https://tools.ietf.org/html/draft-ietf-oauth-dpop-11) - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)
[`RFC9449`](https://www.rfc-editor.org/rfc/rfc9449.html) - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)

Enables `DPoP` - mechanism for sender-constraining tokens via a proof-of-possession mechanism on the application level. Browser DPoP proof generation [here](https://www.npmjs.com/package/dpop).


_**recommendation**_: Updates to draft specification versions are released as MINOR library versions, if you utilize these specification implementations consider using the tilde `~` operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively, [acknowledge](#features) the version and be notified of breaking changes as part of your CI.
Enables `DPoP` - mechanism for sender-constraining tokens via a proof-of-possession mechanism on the application level. Browser DPoP proof generation [here](https://www.npmjs.com/package/dpop).


_**default value**_:
Expand Down
8 changes: 1 addition & 7 deletions lib/helpers/defaults.js
Original file line number Diff line number Diff line change
Expand Up @@ -872,17 +872,11 @@ function makeDefaults() {
/*
* features.dPoP
*
* title: [draft-ietf-oauth-dpop-11](https://tools.ietf.org/html/draft-ietf-oauth-dpop-11) - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)
* title: [`RFC9449`](https://www.rfc-editor.org/rfc/rfc9449.html) - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)
*
* description: Enables `DPoP` - mechanism for sender-constraining tokens via a
* proof-of-possession mechanism on the application level. Browser DPoP proof generation
* [here](https://www.npmjs.com/package/dpop).
*
* recommendation: Updates to draft specification versions are released as MINOR library versions,
* if you utilize these specification implementations consider using the tilde `~` operator
* in your package.json since breaking changes may be introduced as part of these version
* updates. Alternatively, [acknowledge](#features) the version and be notified of breaking
* changes as part of your CI.
*/
dPoP: {
enabled: false,
Expand Down
7 changes: 1 addition & 6 deletions lib/helpers/features.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ export const STABLE = new Set([
'clientCredentials',
'deviceFlow',
'devInteractions',
'dPoP',
'encryption',
'fapi',
'introspection',
Expand All @@ -22,12 +23,6 @@ export const STABLE = new Set([
]);

export const DRAFTS = new Map(Object.entries({
dPoP: {
name: 'OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer - draft 11',
type: 'IETF OAuth Working Group draft',
url: 'https://tools.ietf.org/html/draft-ietf-oauth-dpop-11',
version: ['draft-11'],
},
jwtIntrospection: {
name: 'JWT Response for OAuth Token Introspection - draft 10',
type: 'IETF OAuth Working Group draft',
Expand Down

0 comments on commit 89d133e

Please sign in to comment.