Hi list,
I'm the author of an OAuth2 client library[1]. I received a feature request
to support the "audience" parameter on client_credentials, as seen on
the following two server implementations:
* Auth0:
https://auth0.com/docs/api/authentication?http#authorization-code-flow-with-pkce45
* Kinde:
https://kinde.com/docs/build/get-access-token-for-connecting-securely-to-kindes-api/
Is this parameter based on any standard or draft or are these
non-standard vendor extensions? I'm hesitant to blindly add support for
these without understanding the security implications.
Evert
[1]: https://github.com/badgateway/oauth2-client
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth