Please don’t use RAR as a pandora’s box to introduce unrelated new semantics, 
including issuing multiple access tokens.

                                                       -- Mike

From: OAuth <[email protected]> On Behalf Of Dick Hardt
Sent: Monday, January 13, 2020 5:32 PM
To: Torsten Lodderstedt <[email protected]>; Brian Campbell 
<[email protected]>; Justin Richer <[email protected]>
Cc: [email protected]
Subject: [EXTERNAL] [OAUTH-WG] RAR & multiple resources?

Torsten / Justin / Brian

In my reading of the ID, it appears that there is a request for just one access 
token, and the authorization_details array lists one or more resources that the 
one access token will provide access to. Correct?

I have heard anecdotally that there is interest in granting access to multiple 
resources, and having multiple access tokens, which would enable different 
components of a client to have different access tokens.

Do you consider multiple access tokens out of scope of RAR?

/Dick
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to