I think we might be crossing wires about input to the token
introspection endpoint vs. output from it.
In OpenID Connect, you send a JWT in, and get back a JSON object that
represents the Claims bit of the JWT.
In our implementation (and I think both Ping and AOL's), you send in an
arbitrary token (with no proscribed format) and get back a JSON object
with different pieces in it. Ours included a list of scopes and an
expiration timestamp, others did different things, like audience and
issuer, as part of the return.
The point I was trying to make is that the information returned from the
AS-PR interface isn't necessarily embedded inside of the token used to
call that interface. In OpenID Connect, it is, and the CheckID endpoint
just unwraps the JWT for you. In the larger case, what's really going on
is that the PR presents a token that it's not sure what it's good for
and gets back something that answers that question. Since a JWT Claims
section can be an arbitrary JSON object (for all intents and purposes),
you could use a JWT as the output of the introspection endpoint as well.
-- Justin
On 04/18/2012 04:10 PM, Torsten Lodderstedt wrote:
Hi Justin,
I refered to the data format used at the AS-PR interface. According to
your description, you use JSON objects there. What data does such an
object contain? Is this any different from a JSON Web Token (leaving
aside digital signatures and encryption)?
regards,
Torsten.
Am 18.04.2012 22:01, schrieb Justin Richer:
Not all implementations in the field that do this are using JWTs as
the tokens. Ours in particular used a random blob with no structured
information in it. The endpoint returned a JSON object.
-- Justin
On 04/18/2012 03:53 PM, Torsten Lodderstedt wrote:
Hi all,
is there enough experience in the field with such an interface to
standardize it?
I would expect such an endpoint to return the same payload, which is
carried in a JSON Web Token. So once we designed the JSON Web Tokens
content, designing the AS-PR interface could be the next logical
step (after the next re-charting).
regards,
Torsten.
Am 16.04.2012 21:04, schrieb Justin Richer:
OK, but with SWD and discovery off the table, can this now be
considered to be within that manageable number instead?
We wanted to keep the # of WG items to approximately 5. Once we
finish
some of these items and get them off our plate we could roll new
items
onto the plate, theoretically.
That's definitely true going forward, but what I was saying is that
the number of items under consideration is now down to 4, with SWD
moving to the Apps group. I was proposing that the whole
introspection endpoint and general AS-PR connection could be this
group's fifth starting document.
-- Justin
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
