That’s what I thought. Thanks for the clarification.

On Mon, Jan 13, 2020 at 6:20 PM Justin Richer <[email protected]> wrote:

> Multiple access tokens are outside the scope of RAR. The request is
> intended to describe the access for a single returned access token. If
> semantics for multiple access tokens are agreed upon, then it can use the
> RAR structure, the Resources parameter, and the Scope parameter all in
> parallel again.
>
>  — Justin
>
> > On Jan 13, 2020, at 8:31 PM, Dick Hardt <[email protected]> wrote:
> >
> > Torsten / Justin / Brian
> >
> > In my reading of the ID, it appears that there is a request for just one
> access token, and the authorization_details array lists one or more
> resources that the one access token will provide access to. Correct?
> >
> > I have heard anecdotally that there is interest in granting access to
> multiple resources, and having multiple access tokens, which would enable
> different components of a client to have different access tokens.
> >
> > Do you consider multiple access tokens out of scope of RAR?
> >
> > /Dick
>
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to