I will work to try and clarify in the next draft but would happily listen
to suggestions.

On Mon, Apr 11, 2016 at 2:26 PM, Brian Campbell <[email protected]>
wrote:

> The intent is that urn:ietf:params:oauth:token-type:access_token be an
> indicator that the token is a typical OAuth access token issued by the AS
> in question, opaque to the client, and usable in the same manner as any other
> access token obtained from that AS (it could well be a JWT but the client
> isn't and needn't be aware of that fact). Whereas
> urn:ietf:params:oauth:token-type:jwt is to indicate that a JWT specifically
> is being requested or sent (perhaps in a cross-domain use case to get an
> access token from a different AS like is facilitated by RFC 7523).
>
> Is that helpful at all?
>
> I agree that it can be confusing. But it's representative of the kinds of
> tokens and their usages out there now. So, needs to be allowed. I'd welcome
> ideas about how the language could be improved to help alleviate some of
> the confusion though.
>
> On Mon, Apr 11, 2016 at 7:25 AM, Adam Lewis <
> [email protected]> wrote:
>
>> Hi,
>>
>> There are multiple places in draft-ietf-oauth-token-exchange-04 where a
>> differentiation seems to be drawn between 'access_token' and 'jwt' ... for
>> example in section 2.2.1. when discussing the issued_token_type, it states:
>>
>>       a value of "urn:ietf:params:oauth:token-type:access_token" indicates
>>       that the issued token is an access token and a value of
>>       "urn:ietf:params:oauth:token-type:jwt" indicates that it is a JWT.
>>
>>
>> This is confusing to me because an access token represents a delegated 
>> authorization decision, whereas JWT is a token *format*.  An access token 
>> could easily be a JWT (and in many deployments, they are).
>>
>>
>> So why the desire to differentiate, and what does the differentiation mean?
>>
>>
>>
>> tx!
>> adam
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
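
An added example (not part of the thread or of the draft) of the distinction described in the quoted reply above: a hypothetical client helper, `plan_use`, that chooses its handling from `issued_token_type` alone. The response field name `access_token` follows RFC 8693, the published form of this draft; the sample token and hostnames are constructed.

```python
import base64
import json

ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
JWT = "urn:ietf:params:oauth:token-type:jwt"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523


def _segment(obj):
    """Base64url-encode a JSON object without padding (JWT segment encoding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _claims(jwt):
    """Structural parse only: no signature check, so never an authorization input."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("issued_token_type is jwt but token is not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def plan_use(response):
    """Hypothetical client helper: choose handling from issued_token_type alone."""
    token, kind = response["access_token"], response["issued_token_type"]
    if kind == ACCESS_TOKEN:
        # Opaque to the client, even if the AS happens to encode it as a JWT.
        return {"header": {"Authorization": "Bearer " + token}, "claims": None}
    if kind == JWT:
        # A JWT was specifically issued, e.g. for the RFC 7523 grant at another AS.
        return {"form": {"grant_type": JWT_BEARER_GRANT, "assertion": token},
                "claims": _claims(token)}
    raise ValueError("unhandled issued_token_type: " + kind)


# Constructed sample token; the last segment is a placeholder, not a real signature.
SAMPLE_JWT = ".".join([_segment({"alg": "RS256"}),
                       _segment({"iss": "https://as.example", "aud": "https://as2.example"}),
                       "c2ln"])

if __name__ == "__main__":
    for kind in (ACCESS_TOKEN, JWT):
        print(kind, plan_use({"access_token": SAMPLE_JWT, "issued_token_type": kind}))
```

The same token string is sent as an opaque bearer credential in the first case and parsed as an RFC 7523 assertion in the second; only the type identifier differs.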