To add to that, 3. If a device uses HTTP Token Exchange it can use both resource and audience parameters.
With the recent discussion and changes to the language in the resource indicators draft, does the token exchange spec need a unique audience parameter? S pozdravem, *Filip Skokan* On Thu, 7 Feb 2019 at 16:25, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > Hi all, > > > > after re-reading token exchange, the resource indicator, and the > ace-oauth-params drafts I am wondering whether it is really necessary to > have different functionality in ACE vs. in OAuth for basic parameters. > > > > Imagine I use an Authorization Server and I support devices that use CoAP > and HTTP. > > > > 1. If a device uses CoAP then it has to use the req_aud parameter to > indicate to the authorization server that it wants to talk to a specific > resource server. It would either put a URI or a logical name there. > 2. If a device uses HTTP then it has to use either the resource > parameter to indicate to the authorization server that it wants to talk to > a resource server, which is identified using a URI, or the audience > parameter, if it uses a logical name. > > > > Ciao > Hannes > > > > > > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
