An additional though: would it make sense to put the scope claim into the CWT instead of putting it into the oauth-authz framework?
From: Samuel Erdtman [mailto:[email protected]] Sent: 31 October 2017 10:46 To: Hannes Tschofenig Cc: [email protected] Subject: Re: [Ace] CWT - Scope Claim The framework does register a CWT 'scoop' claim, but I think it has to register it with JWT too to be correct. https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5 //Samuel On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <[email protected]<mailto:[email protected]>> wrote: Hi all, I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Ace mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/ace IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
