update Sec-Session-Registration
kmonsen committed Sep 6, 2024
1 parent 66bde78 commit 15750c1
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -128,6 +128,12 @@ Sec-Session-Registration: (ES256 RS256);path="path1";challenge="challenge_value"
Sec-Session-Registration: (ES256);path="path2";challenge="challenge_value"
```

An equivalent way of writing this is:
```http
HTTP/1.1 200 OK
Sec-Session-Registration: (ES256 RS256);path="path1";challenge="challenge_value";authorization="authcode", (ES256);path="path2";challenge="challenge_value"
```

The authorization value is optional for servers to send, but mandatory for clients to implement. If present, it will be sent to the registration endpoint in the `Authorization` header, and included in the registration JWT. This allows passing a bearer token that allows the server to link registration with some preceding sign in flow, as an alternative to the more traditional use of cookies. While this can also facilitate integration with some existing infrastructure, e.g. ones based on OAuth 2.0, this parameter is general and is not limited to the similarly named [Authorization Code](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1) in OAuth 2.0.

#### Session Registration JWT
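Review bot: The added sentence "An equivalent way of writing this is:" does not say what makes the two forms equivalent, and in the combined line `authorization="authcode"` is attached only to the `path="path1"` member while the `path="path2"` member carries none. Suggest stating explicitly that several `Sec-Session-Registration` header lines can be combined into one comma-separated list and that parameters apply per list member, so a reader does not assume the authorization value covers both registrations. Please also check that the first line of the multi-line example directly above carries the same `authorization` parameter, otherwise the two examples are not equivalent as claimed.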