Brian,
You are the expert on the particular IANA registries, so I am probably missing
something.
I was thinking that registering JWT claims to the OAuth registry is sufficient till
seeing Ben’s comment, and I was tracking that it is being done by Mike as part
of the errata process for OIDC Core. H
Agreed.
On the related issue, the issue of exporting the access token that a confidential
client got to a public client is there, as it was discussed in Friday’s
OAuth WG meeting. Though I did not make any comment on Friday as we were
running out of time, I think that is a bad idea as the AuthZ
I'm honestly not sure I follow all that or how it would really work to
prevent name collisions. As a litmus test, would the one real world
instance of the issue (name collision with 'aud') have been averted by this?
While my understanding is obviously a requirement here, I do have more
familiari