On 2023-04-18 02:51, Vittorio Bertocci wrote:
Hi Evert,
The audience parameter isn’t standard- it was implemented before a
standard modeling the corresponding concept (resource indicators) was
introduced in
https://www.rfc-editor.org/rfc/rfc8707.html.
Audience is mostly an alias of the
Hi Evert,
The audience parameter isn’t standard- it was implemented before a standard
modeling the corresponding concept (resource indicators) was introduced in
https://www.rfc-editor.org/rfc/rfc8707.html.
Audience is mostly an alias of the resource parameter, hence i wouldn’t be
too worried about
These parameters seem to be similar to the "resource" parameter defined
in RFC8707 (https://www.rfc-editor.org/rfc/rfc8707.html).
Maybe the vendors implemented their non-standard extensions before the
RFC was published.
Best regards,
Karsten
On 17.04.2023 23:57, Evert Pot wrote:
Hi list,
RFC 6749 discusses client impersonation
https://datatracker.ietf.org/doc/html/rfc6749#section-10.2
> The authorization server SHOULD NOT process repeated authorization
> requests automatically (without active resource owner interaction)
> without authenticating the client or relying on other