One potential benefit of keeping the use of Token Exchange is that some AS
products/implementations have built a fair amount of configurability and
extensibility into their Token Exchange support, which might allow for
existing systems to be set up to do Transaction Tokens. Whereas a new
endpoint
I volunteered to review the OAuth 2.0 Protected Resource Metadata
(https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-03.html) at
the IETF 119 meeting.
First, I would like to thank the authors, Mike, Phil and Aaron, for creating
this draft. It solves an important problem and I
Hi,
that is my thought as well. It does not necessarily be a Token Exchange
profile, but the Token endpoint makes sense as Tokens are issued. Defining a
specific Token grant with the necessary input parameters would fit nicely.
Best regards,
Kai
From: OAuth on behalf of Dmitry Telegin