Hi,
both options are viable. It depends on the purpose the token is used for
in a particular deployment, esp. whether it carries the data about the
resource and it owner or whether it merely represents the authorization
of the particular client.
regards,
Torsten.
Am 15.11.2012 21:03, schrie
Hi "Security Developer" ;-)
the JWT specification can be found at
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-05. The resource
owner's identifier goes into the claim. Information about the client
identifier is not carried in a standardized format inside the JWT.
We have not st
