Hello,

As an implementor, I considered that JWT is a way to serialize token claims
so for me - JWT Profile for OAuth 2.0 Access Tokens became Rich Token
Profile for OAuth 2.0 Access Tokens.
I have implemented different token encoders (JWT / CWT / PASETO / Macaroon)
which are all finally just rich tokens (with claims) encoded using a
defined transport format.

Rich Tokens (authorization by value/claims) are the opposite of flat tokens
(opaque tokens for authorization by reference).

Regards,

On Fri, Apr 2, 2021 at 21:18, <vittorio.bertocci=40auth0....@dmarc.ietf.org>
wrote:

> Hi Nikos,
> Thanks for looking into this!
> The profile aims at reflecting currently adopted practice as much as it is
> viable, and the overwhelming majority of the use cases involving access
> tokens today relies on bearer tokens.
> Note: although there's no practical difference between versions in the
> matter you brought up here, in general I recommend referring to the latest
> draft: we are currently on version 12
> (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-12).
>
> -----Original Message-----
> From: OAuth <oauth-boun...@ietf.org> On Behalf Of Nikos Fotiou
> Sent: Thursday, April 1, 2021 12:11 PM
> To: oauth <oauth@ietf.org>
> Subject: [OAUTH-WG] About JSON Web Token (JWT) Profile for OAuth 2.0 Access
> Tokens
>
> Hi,
> By reading this draft
> (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-05) I got
> the impression that it implies using JWTs as bearer tokens, e.g., it does
> consider any of the semantics defined in RFC7800. Is this correct? If yes
> what was the rationale behind this design choice?
>
> Thanks a lot,
> Nikos
>
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou Researcher - Mobile
> Multimedia Laboratory Athens University of Economics and Business
> https://mm.aueb.gr
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Thibault Normand
"There is worse, but it costs more!"
http://www.zenithar.org