+1 plus Anthony's caveats.
The draft seems to provide a good reference for implementors by providing
how different ASes are using JWT as the access token format. As well as
providing valuable information about validation and security considerations.
Regards.
Pedro Igor
On Wed, Apr 10, 2019 at 8
+1
On Mon, Apr 8, 2019 at 10:07 AM Hannes Tschofenig
wrote:
> Hi all,
>
> this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens'
> document following the positive feedback at the last IETF meeting in Prague.
>
> Here is the document:
> https://tools.ietf.org/html/draft-bertocci
+1
For that matter, explicit typing is good and I am a bit ambivalent on the use
of `sub`.
Also, I need to add the 4th consideration: Although the current privacy
consideration is stating about the encryption, it is in relation to the end
user exposure. In fact, the by-value access token whe
I support adoption of this draft as a working group document with the following
caveats:
1. These are not to be used as ID Tokens/authentication tokens
2. The privacy issues must be addressed
3. Needs to be extensible, much like ID-Token, can't be 100% fixed
-Original Message-
From: