Multiple access tokens are outside the scope of RAR. The request is intended to describe the access for a single returned access token. If semantics for multiple access tokens are agreed upon, then it can use the RAR structure, the Resources parameter, and the Scope parameter all in parallel again.
— Justin > On Jan 13, 2020, at 8:31 PM, Dick Hardt <dick.ha...@gmail.com> wrote: > > Torsten / Justin / Brian > > In my reading of the ID, it appears that there is a request for just one > access token, and the authorization_details array lists one or more resources > that the one access token will provide access to. Correct? > > I have heard anecdotally that there is interest in granting access to > multiple resources, and having multiple access tokens, which would enable > different components of a client to have different access tokens. > > Do you consider multiple access tokens out of scope of RAR? > > /Dick _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth