Hi Nikos,The "error_description" can be used to explain the expected token issuer and other facts to client developers.
https://datatracker.ietf.org/doc/html/rfc6750#section-3If you want to give client software the ability to respond programmatically this will require some sort of a proprietary extension.
Vladimir Vladimir Dzhuvinov On 11/12/2021 12:35, Nikos Fotiou wrote:
Hi, I have a use case where a resource server is protected and can only be accessed if a JWT is presented. Is there any way for the server to "indicate" the "expected" format of the JWT. For example, respond to unauthorized requests with something that would be translated into "I expect tokens form iss X with claims [A,B,C]" Best, Nikos -- Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou Researcher - Mobile Multimedia Laboratory Athens University of Economics and Business https://mm.aueb.gr _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth