Yeah, I believe that logically follows from the definition of token_type in introspection and RFC 6749.
Do y'all think it needs to be mentioned in DPoP though? I'm not sure, to be honest. On Mon, Aug 16, 2021 at 5:46 AM Justin Richer <jric...@mit.edu> wrote: > Yes, it should be. Good catch. > > -Justin > ________________________________________ > From: OAuth [oauth-boun...@ietf.org] on behalf of Vladimir Dzhuvinov [ > vladi...@connect2id.com] > Sent: Sunday, August 15, 2021 12:02 PM > To: oauth@ietf.org > Subject: [OAUTH-WG] DPoP 03 - introspection - token_type? > > The token introspection RFC defines the optional "token_type" member and > I just noticed that draft-ietf-oauth-dpop-03 doesn't mention it. > > https://datatracker.ietf.org/doc/html/rfc7662#section-2.2 > > Would it be sensible to mention that if the "token_type" gets set in a > introspection response, it must be "DPoP"? > > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-6.2 > > Vladimir > > -- > Vladimir Dzhuvinov > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth