On Sat, Nov 2, 2013 at 2:07 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > > Item #3: As in the draft-ietf-oauth-jwt-bearer-06 this part is extremely > fluffy, except for the case where it talks about the client-id. What exactly > do I put into the field in the case of an authorization grant?
Similar to sub in the JWT draft [1], the fluff is intended to allow for cases where the subject alone can't or shouldn't directly identify someone. I'm open to changes that would help clarify usage (and I think that warrants a mention in Interoperability Considerations) but any such text needs to be reflective of reality too. [1] http://www.ietf.org/mail-archive/web/oauth/current/msg12250.html _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth