Torsten / Justin / Brian In my reading of the ID, it appears that there is a request for just one access token, and the authorization_details array lists one or more resources that the one access token will provide access to. Correct?
I have heard anecdotally that there is interest in granting access to multiple resources, and having multiple access tokens, which would enable different components of a client to have different access tokens. Do you consider multiple access tokens out of scope of RAR? /Dick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth