Hi,
both options are viable. It depends on the purpose the token is used for
in a particular deployment, esp. whether it carries the data about the
resource and it owner or whether it merely represents the authorization
of the particular client.
regards,
Torsten.
Am 15.11.2012 21:03, schrie
Hi "Security Developer" ;-)
the JWT specification can be found at
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-05. The resource
owner's identifier goes into the claim. Information about the client
identifier is not carried in a standardized format inside the JWT.
We have not st
Hi,
If an access token is either SAML or JWT in OAuth then what would be the
value in subject either resource owner or client application name?
Thanks for your time.
Regards,
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/o
