I took a look at Section 2.2.3.1: Claims for Authorization Outside of Delegation Scenarios (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-08#section-2.2.3.1) and I do not understand what exactly the formats of the "roles", "groups", and "entitlements" claims will be.

Will the "roles" claim be an array of strings (role names, IDs, or links), an array of the "roles" objects from the SCIM User schema (pages 66-67 of RFC 7643), or something else?

Will the "groups" claim be an array of strings (group names, IDs, or links), an array of the "groups" objects from the SCIM User schema (pages 63-64 of RFC 7643), an array of SCIM Group schema objects (pages 69-70 of RFC 7643), or something else?

Will the "entitlements" claim be an array of strings (entitlement names, IDs, or links), an array of the "entitlements" objects from the SCIM User schema (pages 65-66 of RFC 7643), or something else?

Sincerely,
Logan Widick
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth