Hi Adam,
Thx for this interesting information. Did you consider just using OIDC for
both authentication and authorization?
As the JWT-based id_token can contain self-defined claims and as the current
spec gives us a way to exchange one token for another, which allows us for
(SAML/WS-Trust-l
The SAML IdP issuing the assertion would need to collect the authorization.
Given that something approximating 0 SAML IdPs do this out of the box you are
going to wind up with something relatively custom.
In general if you want to collect consent use a regular code flow and have the
AS use wha