Dear Dhaura, My recommendation to you (undergraduate? LinkedIn says so) is to investigate the following as the first step.
- ID Token (OpenID Connect Core 1.0, Section 2) - UserInfo Endpoint (OpenID Connect Core 1.0, Section 5.3) In general, inventing a new grant type should be the last resort. Best Regards, Takahiko Kawasaki On Sun, Apr 3, 2022 at 3:35 PM David Waite <david= 40alkaline-solutions....@dmarc.ietf.org> wrote: > > On Apr 1, 2022, at 3:24 AM, Dhaura Pathirana <dhaurapathir...@gmail.com> > wrote: > > I would like to know if anyone has seen this (listing token metadata) as a > common use case in OAuth2 and a standard way of doing it had been proposed > before? > > > OAuth Token Introspection (RFC 7662) defines a way to query for active > state and meta-info. > > However, its use is defined only for protected resources, and not the > resource owner or the client the token was issued to. > > -DW > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
