Thanks. Is it assumed/valid that the "aud" field can be used in non-JWT environs?
Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainh...@us.ibm.com From: Justin Richer <jric...@mitre.org> To: Todd W Lainhart/Lexington/IBM@IBMUS, Cc: IETF oauth WG <oauth@ietf.org> Date: 07/19/2013 11:16 AM Subject: Re: [OAUTH-WG] Token introspection: "aud" field in introspection response The "aud" field came from JWT: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-10#section-4.1.3 The links in section 2.2 are correct -- they link to the reference in section 6, which has the URL for the actual RFC of OAuth 2.0 there. I agree that it's a weird way to handle hyperlinks, but that's what the xml2rfc program outputs and I don't have control over that (that I'm aware of). -- Justin On 07/19/2013 11:05 AM, Todd W Lainhart wrote: http://tools.ietf.org/html/draft-richer-oauth-introspection-04#page-3 lists the "aud" field as an optional field in the introspection response. Could someone give examples of its intended use? Did this come from OIDC? Also Justin - it appears that the section links to the OAuth 2.0 spec in Section 2.2 are broken - they point back to the introspection doc. Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainh...@us.ibm.com _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
