Torsten, nobody suggested that the access token would suddenly not be opaque to the client.
The question therefore is whether the id token is not opaque to the client. Is that the assumption? On 06/05/2014 09:39 PM, Torsten Lodderstedt wrote: > > the access token is opaque to the client. That's great! Let's keep it > that way. Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
