+1 I think it helps connect the dots for folks that don't have all the specs paged into context. I was going to add a non-normative example in a future update as I already have been asked this a few times. I can open a GitHub issue to track.
-Karl

On Fri, Dec 5, 2025 at 8:52 AM Brian Campbell <bcampbell=[email protected]> wrote:

> Agree with Aaron's perspective here. But it might be useful to have a
> small note saying as much. I wonder if we should also consider
> describing/defining using the authorization_details claim in the ID-JAG similar
> to scope?
>
> On Fri, Dec 5, 2025 at 9:24 AM Aaron Parecki <aaron=[email protected]> wrote:
>
>> Yes, RAR can definitely be layered onto this flow. Section 3 of RAR says
>> "The authorization_details authorization request parameter can be used to
>> specify authorization requirements in all places where the scope parameter
>> is used for the same purpose"
>> https://datatracker.ietf.org/doc/html/rfc9396#section-3
>>
>> It's not strictly necessary to list authorization_details as a supported
>> parameter in the Token Exchange request and in the ID-JAG claims in order
>> to use it in those places, as they are already extensible. However if you
>> think it would be helpful to have an explicit pointer to RAR I can
>> definitely add it.
>>
>> Aaron
>>
>> On Fri, Dec 5, 2025 at 12:26 AM Judith Kahrer <judith.kahrer=[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have another thought about processing the ID-JAG... The ID-JAG is a
>>> grant. As such, shouldn't it support RAR (RFC 9396
>>> <https://datatracker.ietf.org/doc/html/rfc9396#name-authorization-request>)?
>>> For example, add authorization_details as an optional claim in the list
>>> of claims in section 3 and as a parameter to the relevant request and
>>> responses.
>>>
>>> Best regards,
>>> Judith
>>> _______________________________________________
>>> OAuth mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
