Hello,
I'm actually very curious as well about this and the reasons for the
differences between the implementation and the current draft (grant_type value,
parameters, etc.).
Was this discussed somewhere already?
Regards,
--
Bertrand CARLIER
From: OAuth On Behalf Of Lee McGovern
Sent: Monday
Hi Vittorio,
Very nice work!
Here are a few ideas:
- In addition to the "sub" claim (I agree it should only relate to the end
user, not the client_id), I think the scope claim should be mentioned as
OPTIONAL in §2.2 (it's already mentioned in other parts of the draft)
- Should we mention secur
Hello,
Depending on what is meant by “scenario to be supported from the authorization
server (platform) itself and not in the client app or resource server”, it may
be difficult (or impossible) to achieve.
In the end, the resource server only applies token lifetime policy *if it
decides to d