Hi Nikos,

Thanks for looking into this! The profile aims at reflecting currently adopted practice as much as it is viable, and the overwhelming majority of the use cases involving access tokens today relies on bearer tokens.

Note: although there's no practical difference between versions in the matter you brought up here, in general I recommend referring to the latest draft: we are currently on version 12 (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-12).

-----Original Message-----
From: OAuth <oauth-boun...@ietf.org> On Behalf Of Nikos Fotiou
Sent: Thursday, April 1, 2021 12:11 PM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] About JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

Hi,

By reading this draft (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-05) I got the impression that it implies using JWTs as bearer tokens, e.g., it does consider any of the semantics defined in RFC7800. Is this correct? If yes, what was the rationale behind this design choice?

Thanks a lot,
Nikos

--
Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr