HTTP APIs
261 posts

@http_apis
Bits and tweets about HTTP based Application Programming Interfaces. By @pmhsfelix
Joined August 2018
2 Following 194 Followers

"To address this, this memo defines a path prefix in HTTP(S) URIs for these "well-known locations", "/.well-known/"."
In tools.ietf.org/html/rfc5785
(2/2)

"The immutable HTTP response Cache-Control extension allows servers to identify resources that will not be updated during their freshness lifetime. This ensures that a client never needs to revalidate a cached fresh resource (...)"
In tools.ietf.org/html/rfc8246

"PKCE vs. Nonce: Equivalent or Not?"
In danielfett.de/2020/05/16/pkc…
by @dfett42

Early hints example from tools.ietf.org/html/rfc8297
HTTP/1.1 103 Early Hints
Link: </style.css>; rel=preload; as=style
Link: </script.js>; rel=preload; as=script
HTTP/1.1 200 OK
Date: Fri, 26 May 2017 10:02:11 GMT
(...)

"This memo introduces an informational HTTP status code that can be used to convey hints that help a client make preparations for processing the final response."
In tools.ietf.org/html/rfc8297

"acr - Authentication Context Class Reference - String specifying an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied"
In openid.net/specs/openid-c… (#IDToken)

"azp - Authorized Party - the party to which the ID Token was issued. (...) This Claim is only needed when the ID Token has a single audience value and that audience is different than the authorized party"
In openid.net/specs/openid-c… (#IDToken)

HTTP APIs retweeted
"What makes HTTP significantly different from RPC is that the requests are directed to resources using a generic interface with standard semantics that can be interpreted by intermediaries (..) "
In "HTTP is not RPC" by @fielding, ics.uci.edu/~fielding/pubs… (#sec_6_5_2)

"The Web is based on numerous standards that together make up the surface of the Web: By knowing and supporting those standards, problems can be solved in well-known ways."
By @dret, in dret.net/netdret/docs/w…

"If the same issuer can issue JWTs that are intended for use by more than one relying party or application, the JWT MUST contain an "aud" (audience) claim that can be used to determine whether the JWT is being used by an intended party (...)"
In rfc-editor.org/rfc/rfc8725.ht… (#name-use-and-validate-audience)

"Sometimes, one kind of JWT can be confused for another. If a particular kind of JWT is subject to such confusion, that JWT can include an explicit JWT type value, and the validation rules can specify checking the type."
In rfc-editor.org/rfc/rfc8725.ht… (#name-use-explicit-typing)
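The two RFC 8725 rules quoted in the last two posts (validate "aud", check an explicit "typ") as one consumer-side check. This is an added illustration, not code from this account or from the RFC; it assumes a shared-key HS256 token, and the key, claims and tokens are constructed for the demo.

```python
import base64, hashlib, hmac, json

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_hs256_jwt(header: dict, claims: dict, key: bytes) -> str:
    """Mint a compact HS256 JWT (used only to build the constructed sample tokens below)."""
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [_b64url_encode(sig)])

def validate_jwt(token: str, key: bytes, expected_aud: str, expected_typ: str) -> dict:
    """Verify the signature, then require the explicit "typ" and the "aud" this consumer expects."""
    try:
        h_b64, c_b64, s_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed compact JWT")
    header = json.loads(_b64url_decode(h_b64))
    # The consumer pins the algorithm it was configured with; "alg" from the header is never trusted alone.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("signature mismatch")
    # Explicit typing: an ID Token (typ "JWT") is refused where an access token ("at+jwt") is expected.
    if header.get("typ") != expected_typ:
        raise ValueError(f"unexpected typ {header.get('typ')!r}")
    claims = json.loads(_b64url_decode(c_b64))
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # "aud" may be a string or an array
    if expected_aud not in audiences:
        raise ValueError("token is not intended for this audience")
    return claims

def is_rejected(token: str, key: bytes, aud: str, typ: str) -> bool:
    """True when validate_jwt refuses the token (convenience for the checks below)."""
    try:
        validate_jwt(token, key, aud, typ)
        return False
    except ValueError:
        return True

# Constructed sample material: a throwaway key, one access token for two APIs, one ID Token.
DEMO_KEY = b"constructed-demo-hmac-key"
ACCESS_TOKEN = make_hs256_jwt({"alg": "HS256", "typ": "at+jwt"},
    {"iss": "https://issuer.example", "sub": "alice", "aud": ["api-a", "api-b"]}, DEMO_KEY)
ID_TOKEN = make_hs256_jwt({"alg": "HS256", "typ": "JWT"},
    {"iss": "https://issuer.example", "sub": "alice", "aud": "client-app"}, DEMO_KEY)
```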

"JSON Web Tokens (...) are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. This (...) document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs."
In rfc-editor.org/rfc/rfc8725.ht…

"The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained"
In "OAuth 2.0 Device Authorization Grant" tools.ietf.org/html/rfc8628