Sure. That's possible.
https://tools.ietf.org/html/draft-ietf-oauth-rar-01#section-3.1 states
"The request parameter can be used to specify authorization
requirements in all places where the "scope" parameter is used for
the same purpose, examples include:
…
Access token requests as specified in [RFC6749], if also used as
authorization requests, e.g. in the case of assertion grant types
[RFC7521]"
I filed a ticket to also mention this in the token request section.
> On 14. May 2020, at 11:04, Matthew De Haast <[email protected]>
> wrote:
>
> RFC6749 allows scopes to be presented at the token endpoint for cases like
> client credentials grants.
>
> It's not clear how this could be achieved with the current RAR spec though
> when a Client using Client Credentials wants to request fine grained access
> using authorization_details. Or should this even be possible?
>
> Matt
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
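
The token request discussed in this thread, as an added example that is not part of either message or of the RAR draft: a client credentials request carrying authorization_details as a form parameter, and an authorization server side check of it. The function names, the sample detail object and the validation rules (non-empty array, string "type" per object) are assumptions; client authentication is assumed to happen outside the body.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed sample value, not taken from the thread.
SAMPLE_DETAILS = [{
    "type": "payment_initiation",
    "actions": ["initiate"],
    "locations": ["https://rs.example.com/payments"],
}]

def build_token_request(details):
    """Client side: form body of a client credentials token request."""
    return urlencode({
        "grant_type": "client_credentials",
        # The whole JSON array travels as one form parameter.
        "authorization_details": json.dumps(details, separators=(",", ":")),
    })

def parse_token_request(body):
    """AS side: return the validated authorization_details list ([] if absent)."""
    params = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    if params.get("grant_type") != ["client_credentials"]:
        raise ValueError("unsupported_grant_type")
    raw = params.get("authorization_details")
    if raw is None:
        return []  # plain request: fall back to scope / client defaults
    if len(raw) != 1:
        # RFC 6749: a request parameter must not appear more than once
        raise ValueError("invalid_request: repeated authorization_details")
    try:
        details = json.loads(raw[0])
    except json.JSONDecodeError as exc:
        raise ValueError("invalid_request: not valid JSON") from exc
    if not isinstance(details, list) or not details:
        raise ValueError("invalid_request: expected a non-empty JSON array")
    for item in details:
        if not isinstance(item, dict) or not isinstance(item.get("type"), str) or not item["type"]:
            raise ValueError("invalid_request: each object needs a string 'type'")
    return details

if __name__ == "__main__":
    body = build_token_request(SAMPLE_DETAILS)
    print(body)
    print(parse_token_request(body))
```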