Thanks Aaron. I agree with your assessment.
On Mon, May 8, 2023 at 10:00 AM Aaron Parecki wrote:
> This errata is incorrect and should be rejected. RFC7523 defines two
> separate uses of JWTs, one is client authentication and the other is an
> authorization grant. When using RFC7523 as client au
This errata is incorrect and should be rejected. RFC7523 defines two
separate uses of JWTs, one is client authentication and the other is an
authorization grant. When using RFC7523 as client authentication, you can
use any type of authorization grant, including the token exchange grant.
See https:/
