Since there is no security boundary between profiles, the profile is just passed as a parameter to APIs rather than have it in the access token.
ᐧ On Thu, Nov 12, 2020 at 1:31 PM Jeff Craig <jeffcraig= 40google....@dmarc.ietf.org> wrote: > Hello OAuth WG, > > I am currently doing some research on APIs that have a Profile concept, > something akin to Netflix's profile support where there is a single account > with multiple sub-profiles. I am trying to determine how current APIs > handle this use case, and evaluate any common patterns or practices that > may exist today. > > Thanks. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
