That was my first thought, but since we only have one AS, isn't just this
just OAuth but switching up which is the RS and which is the user agent?
Why wouldn't the third party just request a client_credentials grant for
the RS using the appropriate audience?
On Sat, May 18, 2024, 16:52 Thomas Bro
Isn't that covered by Token Exchange already?
https://datatracker.ietf.org/doc/html/rfc8693
Le sam. 18 mai 2024, 16:29, Igor Janicijevic a écrit :
> Dear All,
>
>
>
> I have published an Internet Draft document that I would like to introduce
> to the OAuth working group for consideration. Here i
Dear All,
I have published an Internet Draft document that I would like to introduce to
the OAuth working group for consideration. Here is the link for your reference:
https://www.ietf.org/archive/id/draft-janicijevic-oauth-b2b-authorization-00.html
Abstract
Delegated B2B Authorization enable
