Re: [OAUTH-WG] draft-bertocci-oauth-access-token-jwt-00

Do we know if there is a justifying use case for auth_time, acr, and amr to be available in OAuth JWT access tokens? These are meant to be messages about the client, either directly (in the case of client credentials) or about its delegated authorization of the user. Embedding attributes about

Re: [OAUTH-WG] draft-bertocci-oauth-access-token-jwt-00

Thanks for writing this up. One comment on auth_time... auth_time OPTIONAL - as defined in section 2 of [OpenID.Core ]. Important: as this claim represents the time at which the end user authen

[OAUTH-WG] Early IANA registration for Token Exchange Draft

Hi all The authors of the token exchange draft asked IANA for an early registration of URIs and parameters, token types, claims, etc. IANA asked me for review and I unfortunately do not know (or remember) why this early registration is needed. Any reason to do this early registration? Ciao Ha