Hi all,

I I’m wondering why draft-ietf-oauth-token-exchange-12 defines a claim „scp“ to 
carry scope values while RFC 7591 and RFC 7662 use a claim „scope“ for the same 
purpose. As far as I understand the text, the intension is to represent a list 
of RFC6749 scopes. Is this correct? What’s the rationale behind?

Different claim names for representing scope values confuse people. I realized 
that when one of our developers pointed out that difference recently. 

best regards,

Attachment: smime.p7s
Description: S/MIME cryptographic signature

OAuth mailing list

Reply via email to