Please don’t use RAR as a pandora’s box to introduce unrelated new semantics, including issuing multiple access tokens.
-- Mike From: OAuth <oauth-boun...@ietf.org> On Behalf Of Dick Hardt Sent: Monday, January 13, 2020 5:32 PM To: Torsten Lodderstedt <tors...@lodderstedt.net>; Brian Campbell <bcampb...@pingidentity.com>; Justin Richer <jric...@mit.edu> Cc: oauth@ietf.org Subject: [EXTERNAL] [OAUTH-WG] RAR & multiple resources? Torsten / Justin / Brian In my reading of the ID, it appears that there is a request for just one access token, and the authorization_details array lists one or more resources that the one access token will provide access to. Correct? I have heard anecdotally that there is interest in granting access to multiple resources, and having multiple access tokens, which would enable different components of a client to have different access tokens. Do you consider multiple access tokens out of scope of RAR? /Dick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth