One way to solve for which RO should AS engage to approve the TP request
could be to incorporate a new metadata element in the TP client
registration to specify the RO endpoint, or something like that. Maybe RAR
extension can also be used with the client_credential grant type to add
more details on
Hi Warren,
Just for reference, the #3 question was: How does the RO decide which scopes
to delegate to the TP client?
Let me try to answer that through an example.
RO client represents an organization that is a business customer of another
organization that acts as a resource server (RS). RO