Hi all,

I updated the shepherd writeup for draft-ietf-oauth-access-token-jwt-09 and 
included the links to the implementations distributed on the list. I am sure 
there are more.

While updating the shepherd writeup I noticed that the draft contains a JWT in 
a style that does not match the format described in RFC 7519.

I was wondering whether we should actually replicate the example in a way 
similar to Section 6.1 of RFC 7519 (which shows an unsecured JWT) or, even 
better, a digitally signed JWT.

Here is the snippet from the draft:

   {"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"}
   {
     "iss": "https://authorization-server.example.com/",
     "sub": " 5ba552d67",
     "aud":   "https://rs.example.com/",
     "exp": 1544645174,
     "client_id": "s6BhdRkqt3_",
     "scope": "openid profile reademail"
   }


                       Figure 2: A JWT Access Token

What do you think?

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
