I prefer “cid” as the claim name rather than trying to match the parameter name.
John B. > On Jun 20, 2016, at 6:22 PM, Justin Richer <[email protected]> wrote: > > +1 for “cid”, consistent with other JWT claims. > > — Justin > >> On Jun 20, 2016, at 5:21 PM, Brian Campbell <[email protected]> >> wrote: >> >> There is a somewhat poorly worded open issue in Token Exchange about being >> able to represent the client in the token. >> >> There is currently no standard claim for the client in JWT while Token >> Introspection defines a "client_id" parameter. It's maybe not the ideal >> place for it but Token Exchange could define such a claim for JWT. >> >> I'm looking for some feedback from the WG on if/how to proceed with this in >> Token Exchange. As I see it, there are basically 3 options: >> >> 1) Define and register a "client_id" JWT claim (consistent with the name in >> Token Introspection) to carry the client id of the OAuth 2.0 client that >> requested the token. >> >> 2) Define and register a "cid" JWT claim (consistent with the shorter names >> typical for JWT) to carry the client id of the OAuth 2.0 client that >> requested the token. >> >> 3) Do not define/register any new JWT claim for the client identifier (in >> the Token Exchange draft anyway). >> >> Feedback/preferences would be appreciated from the WG so as to make some >> progress on the draft. >> >> If pressed, I guess I'd lean towards option #1 myself. >> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
