Goals:

1. Help the client not send a token to the "wrong" endpoint
   a. wrong AS /token endpoint
   b. evil RS endpoint(s)
2. Allow good RS to determine if the token being validated was intended
   for that RS

Other high-level goals?

Use cases:

1. RS that supports multiple AS (we've had this in production since 2011)
2. RS rejects token not issued for use at the RS
3. Client that dynamically supports new RS (say any client that supports
   the jabber API)
4. Client that dynamically supports new AS

Feel free to add to the list :)
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth