IAM Team,

We've implemented XACML-based scope authorization during the access token validation phase. However, it is also important to do this authorization during the authorization_code, access_token, refresh_token and id_token issuing phase, IMO. Especially for self-contained token use cases, we need to encode the authorized scopes into the JWT token.

Thoughts?

Thanks & Regards,
Johann.

--
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
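
The issuing-phase check proposed in the message above, as an added example that is not part of the original e-mail and is not WSO2 code: requested scopes are filtered by a policy decision before the token is signed, so a self-contained JWT carries only authorized scopes and the resource server can rely on local validation. The `POLICY` table is a constructed stand-in for the XACML PDP, and the HS256 key, role names and scope names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-in for the XACML PDP: role -> scopes that role may be granted.
POLICY = {"admin": {"orders:read", "orders:write"}, "clerk": {"orders:read"}}
KEY = b"constructed-demo-key"  # sample HS256 key, not a real secret


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authorize_scopes(role: str, requested: list[str]) -> list[str]:
    """Issuing-phase decision: keep only the requested scopes the policy permits."""
    allowed = POLICY.get(role, set())
    return [s for s in requested if s in allowed]


def issue_token(sub: str, role: str, requested: list[str], ttl: int = 300) -> str:
    """Encode the authorized scopes, not the requested ones, into the JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "scope": " ".join(authorize_scopes(role, requested)),
              "exp": int(time.time()) + ttl}
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def scopes_from_token(token: str) -> set[str]:
    """Resource-server side: verify locally, trust only scopes inside a valid token."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return set()  # signature mismatch: claims were altered or key differs
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        if header["alg"] != "HS256" or claims["exp"] <= time.time():
            return set()  # unexpected algorithm or expired token
        return set(claims["scope"].split())
    except (ValueError, TypeError, KeyError, AttributeError):
        return set()  # malformed token: grant nothing
```
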