And by the way, has anyone researched GNAP (published 20 March 2024)?

> GNAP (Grant Negotiation and Authorization Protocol) is an in-progress effort to develop a next-generation authorization protocol

From spec https://oauth.net/gnap/

> GNAP is not an extension of OAuth 2.0 and is not intended to be directly compatible with OAuth 2.0. GNAP seeks to provide functionality and solve use cases that OAuth 2.0 cannot easily or cleanly address.

> GNAP and OAuth 2.0 will likely exist in parallel for many deployments, and considerations have been taken to facilitate the mapping and transition from existing OAuth 2.0 systems to GNAP

Doesn't look like GNAP will fly any time soon; however, there is a very interesting part: the Security Considerations section. Looks like it was made by people who are familiar with all varieties of cyberops and usability issues in the OAuth2/OIDC spec.

Security Considerations section: https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-p...

If any cyberops or pentester pro is reading this, please advise how to research more. Thanks in advance.