Absolutely -- you can have a random blob token or anything else. We
picked the field names to be consistent with JWT where it made sense.
-- Justin
On 07/19/2013 11:36 AM, Todd W Lainhart wrote:
Thanks. Is it assumed/valid that the "aud" field can be used in
non-JWT environs?
*
Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250**
1-978-899-4705
2-276-4705 (T/L)
[email protected]*
From: Justin Richer <[email protected]>
To: Todd W Lainhart/Lexington/IBM@IBMUS,
Cc: IETF oauth WG <[email protected]>
Date: 07/19/2013 11:16 AM
Subject: Re: [OAUTH-WG] Token introspection: "aud" field in
introspection response
------------------------------------------------------------------------
The "aud" field came from JWT:
_
__http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-10#section-4.1.3_
The links in section 2.2 are correct -- they link to the reference in
section 6, which has the URL for the actual RFC of OAuth 2.0 there. I
agree that it's a weird way to handle hyperlinks, but that's what the
xml2rfc program outputs and I don't have control over that (that I'm
aware of).
-- Justin
On 07/19/2013 11:05 AM, Todd W Lainhart wrote:
_http://tools.ietf.org/html/draft-richer-oauth-introspection-04#page-3_lists
the "aud" field as an optional field in the introspection response.
Could someone give examples of its intended use? Did this come from OIDC?
Also Justin - it appears that the section links to the OAuth 2.0 spec
in Section 2.2 are broken - they point back to the introspection doc.
*
Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250**
1-978-899-4705
2-276-4705 (T/L)**_
_**[email protected]_* <mailto:[email protected]>
_______________________________________________
OAuth mailing list
[email protected]_ <mailto:[email protected]>
_https://www.ietf.org/mailman/listinfo/oauth_
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
