If I understand correctly, there are multiple devices with clients with the
same client_id involved and you want to revoke individual devices when
needed. You also do not want to store the password.
In a sense, the JWT is working like a device-specific password with
a distributed verifier. This is a
Maybe I'm missing the bigger picture but, if you're going back to the same AS
like the diagram shows, why not just request the xyz scope in the initial
request and cut out the middle steps?
More generally I can say I've thought about these kinds of token exchange
cases and they should be possible in
FYI, I have been writing HoK for JWT/JWS Token by introducing a new claim
'cid'.
=nat via iPhone
On Dec 14, 2012, at 11:56, "zhou.suj...@zte.com.cn" wrote:
Yep, could do it soon later.
Currently, I suggest a modification for
"The token service is the assertion issuer; its role is to fulfill
requ