draft-ietf-oauth-jwt-bearer is only about interactions (client
authentication and JWT as an authorization grant) with the token endpoint
and doesn't define JWT-style access tokens.


On Fri, Apr 25, 2014 at 12:51 PM, Bill Burke <bbu...@redhat.com> wrote:

> Red Hat Keycloak [1] only supports basic auth for client authentication as
> suggested in the OAuth 2 spec.  But our access tokens are JWS signed JWTs.
>
> Does draft-ietf-oauth-jwt-bearer relate to OAuth Bearer token auth [2]?
>  Or is there another document I should be following?  I'd like to see what
> other claims are being discussed related to JWT-based access tokens and may
> have some additional access token claims we've been experimenting with
> others might be interested in.
>
> Also, I'm not sure yet if we'll implement draft-ietf-oauth-jwt-bearer to
> authenticate clients.  A lot of our initial users are more interested in
> public clients and/or the implicit flow as they are writing a lot of pure
> JavaScript apps served up by simple static web servers.
>
> [1] http://keycloak.org
> [2] http://tools.ietf.org/html/rfc6750
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
