Hello,

while studying draft 01 of the Identity Assertion JWT Authorization Grant, I started wondering how the fact that the IdP Authorization Server handles scopes for a different trust domain impacts the ecosystem like the authorization server metadata.

To my understanding the IdP Authorization Server supports scopes for a different - possibly multiple - trust domains. Doesn't that affect the meaning of the scopes_supported property in the authorization server metadata? Shouldn't the IdP Authorization Server in its authorization server metadata also include which trust domains and what scopes for those trust domains it supports?

Currently, section 6 "Authorization Server (IdP) Metadata" only specifies the urn:ietf:params:oauth:token-type:id-jag as a value for identity_chaining_requested_token_types_supported. I get the feeling that this is not enough. What do you think?

Best regards,
Judith Kahrer
