Thank you. That's what I thought. Is it just assumed JWT would/might be used as an access token format for Bearer token auth? Or is there another draft somewhere for that? Is anybody out there using JWS + JWT as an access token format?

On 4/25/2014 2:59 PM, Brian Campbell wrote:
draft-ietf-oauth-jwt-bearer is only about interactions (client
authentication and JWT as an authorization grant) with the token
endpoint and doesn't define JWT style access tokens.


On Fri, Apr 25, 2014 at 12:51 PM, Bill Burke <bbu...@redhat.com> wrote:

    Red Hat Keycloak [1] only supports basic auth for client
    authentication as suggested in the OAuth 2 spec.  But our access
    tokens are JWS signed JWTs.

    Does draft-ietf-oauth-jwt-bearer relate to OAuth Bearer token auth
    [2]?  Or is there another document I should be following?  I'd like
    to see what other claims are being discussed related to JWT-based
    access tokens and may have some additional access token claims we've
    been experimenting with others might be interested in.

    Also, I'm not sure yet if we'll implement
    draft-ietf-oauth-jwt-bearer to authenticate clients.  A lot of our
    initial users are more interested in public clients and/or the
    implicit flow as they are writing a lot of pure JavaScript apps
    served up by simple static web servers.

    [1] http://keycloak.org
    [2] http://tools.ietf.org/html/rfc6750


--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
