The IESG has approved the following document:
- 'JWT Response for OAuth Token Introspection'
  (draft-ietf-oauth-jwt-introspection-response-12.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/

Technical Summary

This draft proposes an additional JSON Web Token (JWT) based response for OAuth 2.0 Token Introspection.

Working Group Summary

The document received many reviews and feedback from multiple WG members on the mailing list and during the WG meetings.

During initial IESG review, it received a DISCUSS that required a change of sufficient scope that it was returned to the WG. The WG addressed the issue and the document again went through WGLC and IETF LC.

The proposed change moves the data of the introspected token into a top-level JWT claim to allow for the separation of the carrier JWT claims from the actual token introspection response claims.

Document Quality:

The document has been implemented by the following:

* node.js OSS oidc-provider implements the document in full behind an optional feature toggle
  https://github.com/panva/node-oidc-provider/blob/master/docs/README.md#featuresjwtintrospection
* connect2id has an implementation:
  https://connect2id.com/products/server/docs/api/token-introspection
* ForgeRock:
  https://github.com/ForgeRock/PSD2-Accelerators/tree/yes.com/openig/yes-openig-signed-introspect-filter

Personnel:

The document shepherd is Rifaat Shekh-Yusef.
The responsible Area Director is Roman Danyliw.