The question of if the act and may_act claims defined in Token Exchange should also be registered/defined for Introspection Endpoint responses was raised on this list a while back. Not much was said about it at the time but I did put an issue in github to keep track of it. I'd like to close out that issue and I believe that it does make sense to also register those two claims as Introspection Response members.
Do any WG members have strong feelings one way or the other about that? In the absence of strong objections, I plan to make the change in the next revision.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
