On 27.10.22 at 14:11, Hollenbeck, Scott wrote:
1. How do we address web service clients?
[PK] Please find attached my draft on Web Service Clients. Most of it is
based on the concepts of version 9. Scope "feature" is also included in the
proposal.
[SAH] I've been testing the proposed additions with my functionally-limited
RDAP server. I've found two minor things so far:
The tokens described in Section 4.2.5.2.1 should be placed in a named data
structure. "farv1_tokens" could work.
As described in RFC 6749, OP support for refresh tokens is OPTIONAL. As such,
return of the refresh_token should be OPTIONAL.
[PK] True. Good catch. I checked again in RFC 6749 and OIDC core and
this is the correct setup:
access_token REQUIRED.
token_type REQUIRED.
expires_in RECOMMENDED.
refresh_token OPTIONAL.
id_token is a MUST element in OIDC core, but assuming our discussion
about PII, which can be present in the ID token as well, I think this one
should be OPTIONAL and up to RDAP server policy.
Kind Regards,
Pawel
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
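
The requirement levels agreed in the message above, expressed as a client-side check. This is an added example, not part of the thread or of the draft. It assumes the tokens arrive as a JSON object under the suggested member name "farv1_tokens"; the function name and the sample responses are constructed for illustration.

```python
import json

# Requirement levels as listed in the thread above.
LEVELS = {
    "access_token": "REQUIRED",
    "token_type": "REQUIRED",
    "expires_in": "RECOMMENDED",
    "refresh_token": "OPTIONAL",
    "id_token": "OPTIONAL",  # may carry PII, so return is left to server policy
}


def check_tokens(rdap_response, container="farv1_tokens"):
    """Return (errors, warnings) for the token structure in an RDAP response.

    'container' is the assumed name of the data structure holding the tokens.
    """
    errors, warnings = [], []
    tokens = rdap_response.get(container)
    if not isinstance(tokens, dict):
        return [f"missing or non-object member {container!r}"], warnings
    for name, level in LEVELS.items():
        value = tokens.get(name)
        if value is None:
            if level == "REQUIRED":
                errors.append(f"{name} is REQUIRED but absent")
            elif level == "RECOMMENDED":
                warnings.append(f"{name} is RECOMMENDED but absent")
            continue  # OPTIONAL members may be omitted without comment
        if name == "expires_in":
            # bool is a subclass of int in Python, so exclude it explicitly.
            if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
                errors.append("expires_in must be a positive integer (seconds)")
        elif not isinstance(value, str) or not value:
            errors.append(f"{name} must be a non-empty string")
    return errors, warnings


# Constructed sample responses (placeholder token values, not real tokens).
SAMPLE_MINIMAL = json.loads(
    '{"farv1_tokens": {"access_token": "EXAMPLE-ACCESS", "token_type": "bearer"}}')
SAMPLE_FLAT = json.loads(
    '{"access_token": "EXAMPLE-ACCESS", "token_type": "bearer", "expires_in": 3600}')
SAMPLE_BAD = json.loads(
    '{"farv1_tokens": {"token_type": "bearer", "expires_in": 0,'
    ' "id_token": "EXAMPLE-ID"}}')
```

A response without refresh_token or id_token passes cleanly, so a client written against this check does not depend on the OP issuing refresh tokens or on the server releasing an ID token.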