Hello,
I would like to request the OAuth2 working group on a clarification for
introspection, in particular regarding the semantics of the 'jti' and 'aud'
claims. The draft 'JWT Response for OAuth Token Introspection' seems ambiguous
in relation to RFC7662 and RFC7519. In particular sections 3
Hi Remco,
> On 6. Aug 2019, at 16:01, Schaar, R.M. (Remco) - Logius
> wrote:
>
> Hello,
>
> I would like to request the OAuth2 working group on a clarification for
> introspection, in particular regarding the semantics of the ‘jti’ and ‘aud’
> claims. The draft ‘JWT Response for OAuth Token
tion as well.
Kind regards,
Remco Schaar
-Original message-
From: Torsten Lodderstedt
Sent: Saturday 17 August 2019 14:00
To: Schaar, R.M. (Remco) - Logius
CC: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding
draft-ietf-oauth-jwt-introspection-response-05
of applicable parameters, to reduce the size of access tokens. Additional
> information can be exchanged via introspection, resulting in mixed JWT access
> tokens and introspection as well.
That’s all possible within the current text.
kind regards,
Torsten
>
> Kind regards,
> Re
cess token or
replay of an introspection response instead of neither.
Kind regards,
Remco schaar
-Original message-
From: Torsten Lodderstedt
Sent: Wednesday 28 August 2019 11:14
To: Schaar, R.M. (Remco) - Logius
CC: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regardi
u think?
best regards,
Torsten.
>
> Kind regards,
> Remco schaar
>
> -Original message-
> From: Torsten Lodderstedt
> Sent: Wednesday 28 August 2019 11:14
> To: Schaar, R.M. (Remco) - Logius
> CC: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Questio
chaar
-Original message-
From: Torsten Lodderstedt
Sent: Wednesday 28 August 2019 11:14
To: Schaar, R.M. (Remco) - Logius
CC: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regard
token
>> data (e.g. when was it issued by the AS) and the data belonging to the
>> representation in the introspection response (when was the response
>> created). Conceptually, this means we require two separate “iat” (alike)
>> claims to distinguish both aspects.
Torsten Lodderstedt
Sent: Wednesday 28 August 2019 11:14
To: Schaar, R.M. (Remco) - Logius
CC: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding
draft-ietf-oauth-jwt-introspection
oth aspects.
>
> I could imagine two ways to handle this:
> - add another iat claim, e.g. “tir_iat”, to the JWT
> - add another “iat” claim to the JWS header containing the instant when the
> token introspection response was created
>
> What do you think?
>
> bes
) - Logius
CC: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding
draft-ietf-oauth-jwt-introspection-response-05
Hi Remco,
> On 31. Aug 2019, at 21:27, Schaar, R.M. (Remco) - Logius
> wrote:
>
> Hello Torsten,
>
> (my apologies for making a typo previously)
Thanks :-)