On 06/05/2019 20:32, Vittorio Bertocci wrote:
> To that end, *Karl McGuinness suggested that we include
> grant_type as a return claim, which the RS could use to the same effect*. I
> find the proposal very clever, and the people at IIW thought so as well.
> What do you think?

The grant type is not something that the RS is really concerned with, or should be. Introducing this parameter in the access token will create an additional logical dependency, plus complexity - in the system of client, AS and RS as a whole, as well as for RS developers.

The grant type, as a concept, is a matter between the client and AS, and IMO should stay that way.

Clear language in the spec should suffice. For instance: "If the sub value matches the client_id value, then the subject is the client application".

Vladimir

--
Vladimir Dzhuvinov

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth