Hi all, I updated the shepherd writeup for draft-ietf-oauth-access-token-jwt-09 and included the links to the implementations distributed on the list. I am sure there are more.
While updating the shepherd writeup I noticed that the draft contains a JWT in a style that does not match the format described in RFC 7519. I was wondering whether we should actually replicate the example in a way similar to Section 6.1 of RFC 7519 (which shows an unsecured JWT) or, even better, a digitally signed JWT. Here is the snippet from the draft: {"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"} { "iss": "https://authorization-server.example.com/", "sub": " 5ba552d67", "aud": "https://rs.example.com/", "exp": 1544645174, "client_id": "s6BhdRkqt3_", "scope": "openid profile reademail" } Figure 2: A JWT Access Token What do you think? Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth