Bearer token in header as Basic token? – Does that violate the RFC6749 spec?

In a header you can have—for example—"Authorization: Basic " xor "Authorization: Bearer ".
If I use my Bearer token as Basic, then can this endpoint double as a "give me fresh tokens for this access token"?
https://…

OAuth2: Is it good practice to store multiple information in state parameter then encrypt it?

I’m implementing the Authorization code flow with PKCE and planning to have my redirect_uri as the backend.
In this case, while making the code to token exchange call (in the backend), I won’t be having information like the clientId and co…

Name Constraints, empty sets in permitted subtree (RFC 3280 vs RFC 5280)

I’m trying to understand the effect of empty sets in permittedSubtrees in both RFC 5280 and RFC 3280. There is something that doesn’t compile in my head.
Scenario:
We have a CA certificate with the following Name Constraints setup:
Permit…

Is there a way to filter RFCs for what would constitute minimum allowed TCP/UDP traffic for functioning of web applications? [closed]

In my search for a comprehensive list of implemented RFCs as pertaining to TCP/UDP traffic, I’ve come across RFC 7414 – but it only provides links and only for TCP. Is there any project that either meta-analyzed these, or that has been ma…