I gave the -12 revision a read. Thanks for the great work Brian, Kristina and
Dr. Fett.
One thing that I find confusing is the term “Issuer-signed JWT”. Isn’t it
self-evident that a signed JWT is signed by its Issuer (that is its creator as
defined in the spec)? I think, the spec would read jus
I agree, I also think the intro is hard to read. There are some more points
that I want to add with regard to the introduction:
> The JSON-based representation of claims in a signed JWT is secured against
> modification using JWS digital signatures. A consumer of a signed JWT that
> has checke
you to better understand scope
management. This mailing list is not an appropriate place to discuss vendor
specifics, so if you want to provide feedback regarding our docs or product,
feel free to reach out. I will be happy to answer or forward your questions.
Judith Kahrer
Product Marketing Eng
part of the refresh token (anymore). Instead, maintain the
original scope list in the new refresh token.
Best regards,
Judith Kahrer
E: judith.kah...@curity.io
W: curity.io
> On 20 Feb 2024, at 07:35, Sachin Mamoru wrote:
>
> Hi All,
>
> When we request an access token using 3
