Hi, Does the WG plan to include OIDC id_tokens within the scope of the HOTK/POP work? I've scanned through all of the existing HOTK/POP drafts and none make any reference to id_tokens. Is this effort going to be scoped strictly to access tokens?
I am at a cross road right now where I'm considering using id_tokens in lieu of access_tokens within our API calls (as we were never using the access tokens for authorization anyway, but rather had profiled the AT to look identical to an id_token for authentication, and now that OIDC is complete ... you get the idea), ... BUT ... we want HOTK/POP badly, and I don't want to design ourselves out of leveraging that work as it materializes. -adam
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
