[OAUTH-WG] Authorization Header Encoding

2021-02-11 Thread Justin Richer
The HTTP Working Group opened an issue for discussion in relation to the updated HTTP semantics specification. The core of the issue is the format of the “Authorization” header, which of course gets used by the “Bearer” scheme defined in RFC6750. https://github.com/httpwg/http-core/issues/733

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection and types of tokens

2021-02-11 Thread Andrii Deinega
Hi Vladimir, What would be a value in the aud claim for refresh tokens? Regards, Andrii On Tue, Feb 9, 2021 at 3:06 AM Vladimir Dzhuvinov wrote: > Hi Warren, > On 08/02/2021 17:59, Warren Parad wrote: > > None of that justified explicitly stating that refresh token introspection > shouldn't b

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection and nonce

2021-02-11 Thread Andrii Deinega
Thank you for the response! Unfortunately, I'm still not convinced that there is no need for nonce. Based on the draft, I don't know how it's possible to achieve a “stronger assurance that the authorization server issued the token introspection response for an access token, including cases where t