Re: [OAUTH-WG] OAuth 2.0 Token Introspection in RFC7662 : Refresh token?

Hello Bill, I'm just thinking out loud about possible scenarios for a protected resource here... It may decide to revoke a refresh token if a client application tried to use it instead of an access token when the protected resource is paranoid about security. In order to do that an introspection r

[OAUTH-WG] Conflicting definitions in JWT Response for OAuth Token Introspection

Hello, I'm wondering if the following conflicts in "JWT Response for OAuth Token Introspection" (draft 8 ) have already been pointed out. RFC 8707 (Resource Indicators for OAuth 2.0)