On Thu, May 14, 2020 at 04:29:43PM +0200, Denis wrote: > > Since then, I questioned myself how a client would be able to request an > access token that would be > *strictly compliant with this Profile*.
I don't understand why this is an interesting question to ask. The access token and interpretation thereof is (AIUI) generally seen as an internal matter between AS and RS, with the client having no need to care about the specifics. To my knowledge, this WG has not previously given guidance indicating that the client should be involved or specifics for how to do so, and I do not remember seeing WG agreement that this should change. -Ben _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
