Re: [OAUTH-WG] RT treatment in Token Exchange

+1 to the proposed wording change. It's clear and allows for use cases where your inputs aren't as replayable as you might otherwise expect. -- Justin On 7/5/2016 2:15 PM, Brian Campbell wrote: I gave a short presentation about OAuth 2.0 Token Exchange

Re: [OAUTH-WG] RT treatment in Token Exchange

So I think the proposed wording is still too specific and limits the use case , I also don’t understand the usage of “credential” in your description as this does not have to be a credential. So suggest that this be simple and if you want you can explain in the security considerations section wh

[OAUTH-WG] RT treatment in Token Exchange

I gave a short presentation about OAuth 2.0 Token Exchange at a recent identity conference, which seemed well received and a lot of folks expressed their support for it and a desire to see support for i