Hi Taka, 

> On 1. Mar 2020, at 08:10, Takahiko Kawasaki <t...@authlete.com> wrote:
> 
> Hello,
> 
> I'm wondering if the following conflicts in "JWT Response for OAuth Token 
> Introspection" (draft 8) have already been pointed out.
> 
> RFC 8707 (Resource Indicators for OAuth 2.0) requires that 'aud' in an 
> introspection response hold the values of the 'resource' request parameters, 
> whereas "JWT Response for OAuth Token Introspection" says that 'aud' MUST 
> identify the resource server receiving the token introspection response. The 
> definitions conflict.

RFC 8707 states 

   The authorization server may use the exact "resource" value as the
   audience or it may map from that value to a more general URI or
   abstract identifier for the given resource.

draft-ietf-oauth-jwt-introspection-response-08 states

   The value of the "aud" claims MUST identify the resource server
   receiving the token introspection response.

So RFC 8707 gives choices of how the resource server might be identified and 
draft-ietf-oauth-jwt-introspection-response-08 says the AS must identify the RS 
without prescribing any particular way. So basically you can use the advice 
given by RFC 8707 to implement the requirement stated by 
draft-ietf-oauth-jwt-introspection-response-08.

I don’t see a conflict. 

> 
> RFC 7662 (OAuth 2.0 Token Introspection) requires that 'iat' in an 
> introspection response indicate when the access/refresh token was issued, 
> whereas "JWT Response for OAuth Token Introspection" says that 'iat' 
> indicates when the introspection response in JWT format was issued. The 
> definitions conflict.

I will come back to this issue in an answer to Filip’s post.

best regards,
Torsten. 

> 
> Best Regards,
> Takahiko Kawasaki
> Authlete, Inc.
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
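The following is an added worked example, not code from either post in this thread or from any OAuth implementation. It shows the reading Torsten describes: the authorization server maps the concrete `resource` values of a token request to an identifier of the resource server that hosts them (the mapping RFC 8707 permits), puts that identifier in the `aud` of the JWT-formatted introspection response (what the draft requires), and the resource server rejects a response whose `aud` is not its own identifier. The resource registry, issuer and RS identifiers, the HS256 key and the minimal JWT encoder are all constructed for this example; a real deployment would use a JOSE library and the key material of its AS.

```python
"""Assumed setup (constructed for this example): an AS whose clients request
tokens with RFC 8707 'resource' parameters, and a JWT introspection response
whose 'aud' must name the RS that receives it."""
import base64
import hashlib
import hmac
import json

# Constructed registry: concrete 'resource' values -> abstract identifier of
# the resource server hosting them (RFC 8707 allows the AS to map this way).
RESOURCE_TO_RS = {
    "https://api.example.com/photos": "https://rs.example.com",
    "https://api.example.com/albums": "https://rs.example.com",
    "https://calendar.example.com/v1": "https://calendar-rs.example.com",
}


def map_resource_to_audience(resource_values):
    """Return the single RS identifier that all 'resource' values map to.

    The draft requires 'aud' to identify the RS receiving the introspection
    response, so values spanning several resource servers are rejected here
    rather than silently producing an ambiguous audience.
    """
    unknown = [r for r in resource_values if r not in RESOURCE_TO_RS]
    if unknown:
        raise ValueError(f"unknown resource indicators: {unknown}")
    audiences = {RESOURCE_TO_RS[r] for r in resource_values}
    if len(audiences) != 1:
        raise ValueError(f"resource values map to {len(audiences)} resource servers")
    return audiences.pop()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT encoder (example only; use a JOSE library in practice)."""
    header = _b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def build_introspection_response(token_record: dict, issuer: str, key: bytes, now: int) -> str:
    """AS side: derive 'aud' from the token's resource indicators and sign the response."""
    claims = {
        "iss": issuer,
        "aud": map_resource_to_audience(token_record["resource"]),
        # 'iat' here is when this response JWT was issued, which is the draft's
        # definition; RFC 7662 reads 'iat' as the token's issue time, the second
        # conflict raised in the thread. The token's own issue time is kept apart.
        "iat": now,
        "active": True,
        "scope": token_record["scope"],
        "client_id": token_record["client_id"],
        "exp": token_record["exp"],
    }
    return sign_hs256(claims, key)


def rs_accept_response(jwt_text: str, key: bytes, rs_identifier: str, issuer: str, now: int) -> dict:
    """RS side: verify alg, signature, issuer, audience and expiry; return the claims."""
    header_b64, payload_b64, sig_b64 = jwt_text.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    # 'aud' may be a string or an array of strings (RFC 7519); the RS must be named.
    if not (aud == rs_identifier or (isinstance(aud, list) and rs_identifier in aud)):
        raise ValueError(f"response not addressed to this RS: aud={aud!r}")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


# Constructed sample values used when the module is run directly.
SAMPLE_KEY = b"example-shared-hs256-key-not-for-production"
SAMPLE_TOKEN = {
    "resource": ["https://api.example.com/photos", "https://api.example.com/albums"],
    "scope": "photos.read",
    "client_id": "s6BhdRkqt3",
    "exp": 1583053200,
}

if __name__ == "__main__":
    jwt_text = build_introspection_response(SAMPLE_TOKEN, "https://as.example.com", SAMPLE_KEY, 1583049600)
    print(rs_accept_response(jwt_text, SAMPLE_KEY, "https://rs.example.com", "https://as.example.com", 1583049600))
```

The RS-side check is the part that matters for security: an introspection response that carries another server's identifier in `aud` is discarded rather than trusted, which is exactly what the draft's `aud` requirement is meant to enable.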
