Hi,
I have a general question regarding creating new grant_types vs profiling
existing specs. Specifically, in the Native SSO for Mobile Apps spec (OpenID
Connect working group) I profiled RFC 8693 (Token Exchange) rather than create
a new grant_type. Similarly in the draft Transaction Token spec (IETF) we
profiled RFC 8693 for obtaining a new transaction token. That profile included
adding additional parameters beyond those identified in RFC 8693.
Oftentimes, the implementation of a profile requires some creative coding
around the token exchange defined grant_type as each profile has different
validation and processing semantics. There isn’t a simple way to do a “switch”
statement (yes my C coding background coming out) for each of the profiles.
In that light, would it be better to just create new grant_types even if the
parameter sets are fairly similar?
Thanks,
George
_______________________________________________
OAuth mailing list -- oauth@ietf.org