Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add header #64

Merged
merged 4 commits into from Jan 29, 2024
Merged

Add header #64

merged 4 commits into from Jan 29, 2024

Conversation

tulshi
Copy link
Collaborator

@tulshi tulshi commented Jan 23, 2024

Addresses Issue #49

@tulshi tulshi linked an issue Jan 23, 2024 that may be closed by this pull request
Using Txn-Tokens securely #49
Closed
gffletch
gffletch reviewed Jan 23, 2024
View reviewed changes
draft-ietf-oauth-transaction-tokens.md
Txn-Tokens need to be communicated between workloads that depend upon them to authorize the request. Such workloads will often present HTTP {{RFC2616}} interfaces for being invoked by other workloads. This section specifies the HTTP header the invoking workload MUST use to communicate the Txn-Token to the invoked workload, when the invoked workload presents an HTTP interface. Note that the standard HTTP `Authorization` header MUST NOT be used because that may be used by the workloads to communicate channel authorization.

## Txn-Token Header
A workload that invokes another workload using HTTP and needs to present a Txn-Token to the invoked workload MUST use the HTTP Header `Txn-Token` to communicate the Txn-Token. The value of this header MUST be the JWT that represents the Txn-Token.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to (or should we) say anything about the encoding of the JWT?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the language to specify the encoding. However, I feel like this might be redundant.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See notes of call on 1/26. We have decided to drop the line about the format.

@tulshi tulshi merged commit 9673380 into main Jan 29, 2024
2 checks passed
@tulshi tulshi deleted the add-header branch January 29, 2024 19:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gffletch gffletch gffletch approved these changes

Assignees

@gffletch gffletch

@bc-pi bc-pi

@PieterKas PieterKas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Using Txn-Tokens securely
4 participants
@tulshi @gffletch @bc-pi @PieterKas