The Id_token is audienced to the client. It is not sent to a resource server. In a4c there may be no access token or resource server.
The id_token is not opaque to the client. John B. Sent from my iPhone > On Jun 12, 2014, at 4:04 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> > wrote: > > Torsten, > > nobody suggested that the access token would suddenly not be opaque to > the client. > > The question therefore is whether the id token is not opaque to the > client. Is that the assumption? > >> On 06/05/2014 09:39 PM, Torsten Lodderstedt wrote: >> >> the access token is opaque to the client. That's great! Let's keep it >> that way. > > Ciao > Hannes > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth