Please don’t use RAR as a pandora’s box to introduce unrelated new semantics,
including issuing multiple access tokens.
-- Mike
From: OAuth <[email protected]> On Behalf Of Dick Hardt
Sent: Monday, January 13, 2020 5:32 PM
To: Torsten Lodderstedt <[email protected]>; Brian Campbell
<[email protected]>; Justin Richer <[email protected]>
Cc: [email protected]
Subject: [EXTERNAL] [OAUTH-WG] RAR & multiple resources?
Torsten / Justin / Brian
In my reading of the ID, it appears that there is a request for just one access
token, and the authorization_details array lists one or more resources that the
one access token will provide access to. Correct?
I have heard anecdotally that there is interest in granting access to multiple
resources, and having multiple access tokens, which would enable different
components of a client to have different access tokens.
Do you consider multiple access tokens out of scope of RAR?
/Dick
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth