If its the client credentials - the resource owner (end user) is the client it self.
JWT is independent from OAuth - and its implementation in API - M is specific to WSO2. Thanks & regards, -Prabath On Fri, Nov 29, 2013 at 10:16 AM, Asela Pathberiya <[email protected]> wrote: > Hi All, > > Our current OAuth implementation issues JWT token when validating an OAuth > token that is granted by client credential grant type. This JWT token > contains end user name and user's attributes. Please refer jira [1]. > > 1. How we are identifying the authorized user and claims in the JWT token > when client credential grant type is used? > > 2. Can we find any thing related to this in the OAuth specification? If, > Please point me. I could not still find. > > IMO, It seems to be that It could not be returned end user and user's > attribute with this grant type. Please correct me, if wrong. > > [1] https://wso2.org/jira/browse/APIMANAGER-1329 > > Thanks, > Asela. > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
