Hi, I've got a few comments on your draft.
I’m wondering why neither acr nor auth_time (which are used in OIDC) made their way into this spec?
What is the difference between prn and the user_id claim OIDC uses? regards, Torsten. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
