The only current draft that describes JWT as access tokens is the PoP draft: http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution
That describes JWT access tokens and how to add PoP information.

I don't think there is anything other than the JWT spec itself describing bearer JWT, though they would be like the PoP JWT without the proof key.

Ping Federate has supported generating JWS access as an option for some time.

John B.

On Apr 25, 2014, at 4:51 PM, Bill Burke <bbu...@redhat.com> wrote:

> Thank you. That's what I thought. Is it just assumed JWT would/might be used
> as an access token format for Bearer token auth? Or is there another draft
> somewhere for that? Is anybody out there using JWS + JWT as an access token
> format?
>
> On 4/25/2014 2:59 PM, Brian Campbell wrote:
>> draft-ietf-oauth-jwt-bearer is only about interactions (client
>> authentication and JWT as an authorization grant) with the token
>> endpoint and doesn't define JWT style access tokens.
>>
>>
>> On Fri, Apr 25, 2014 at 12:51 PM, Bill Burke <bbu...@redhat.com
>> <mailto:bbu...@redhat.com>> wrote:
>>
>>     Red Hat Keycloak [1] only supports basic auth for client
>>     authentication as suggested in the OAuth 2 spec. But our access
>>     tokens are JWS signed JWTs.
>>
>>     Does draft-ietf-oauth-jwt-bearer relate to OAuth Bearer token auth
>>     [2]? Or is there another document I should be following? I'd like
>>     to see what other claims are being discussed related to JWT-based
>>     access tokens and may have some additional access token claims we've
>>     been experimenting with others might be interested in.
>>
>>     Also, I'm not sure yet if we'll implement
>>     draft-ietf-oauth-jwt-bearer to authenticate clients. A lot of our
>>     initial users are more interested in public clients and/or the
>>     implicit flow as they are writing a lot of pure javascript apps
>>     served up by simple static web servers.
>>
>>     [1] http://keycloak.org
>>     [2] http://tools.ietf.org/html/rfc6750
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth