On 2023-04-18 02:51, Vittorio Bertocci wrote:
Hi Evert,
The audience parameter isn’t standard- it was implemented before a
standard modeling the corresponding concept (resource indicators) was
introduced in
https://www.rfc-editor.org/rfc/rfc8707.html.
Audience is mostly an alias of the resource parameter, hence i
wouldn’t be too worried about implementing it security wise. Just take
a look at the security section of the spec above (and the spec in
geber) and make sure you take it into account.
Thanks for the replies! I have a path forward.
Evert
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
