Hi folks, I'm finding a standard way to express data processing purposes in access token/requests. E.g an access token request/response should provide an identifier linked to the reason that motivates a specific data processing.
The first idea is that this identifier is conveyed in a custom claim, but maybe there's an existing claim/access token request parameter already. If such a parameter does not exist, which is the procedure for registering it? Kind regards, R:
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
