Originally submitted by josephheenan (Joseph Heenan) on 2026-03-16
Note that there's an update to the OAuth security in progress:
https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics-update/
We should probably address the document and each mentioned attack in some way.
1 attack is the private_key_jwt aud issue that's already addressed. I'm not sure about the others.
Bitbucket status: new
Bitbucket origin: issue 855