Please don’t use RAR as a pandora’s box to introduce unrelated new semantics,
including issuing multiple access tokens.
-- Mike
From: OAuth <oauth-boun...@ietf.org> On Behalf Of Dick Hardt
Sent: Monday, January 13, 2020 5:32 PM
To: Torsten Lodderstedt <tors...@lodderstedt.net>; Brian Campbell
<bcampb...@pingidentity.com>; Justin Richer <jric...@mit.edu>
Cc: oauth@ietf.org
Subject: [EXTERNAL] [OAUTH-WG] RAR & multiple resources?
Torsten / Justin / Brian
In my reading of the ID, it appears that there is a request for just one access
token, and the authorization_details array lists one or more resources that the
one access token will provide access to. Correct?
I have heard anecdotally that there is interest in granting access to multiple
resources, and having multiple access tokens, which would enable different
components of a client to have different access tokens.
Do you consider multiple access tokens out of scope of RAR?
/Dick
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
