Dear all,
I would like to clarify and agree with John Bradley that there is a confusion
here.
In the setting that I was discussing in my presentation, I was looking at
OpenID Connect, where we have:
An end-user with his user agent (browser) that wishes to log in at an RP
service (and this
+1
> Am 31.07.2017 um 16:01 schrieb John Bradley :
>
> For access tokens I would like to see a use case for a completely =
> decoupled and anonymous RS that is not just a misuse of OAuth for =
> Authentication, before trying to add a feature like this.
smime.p7s
Description:
I think there may be some confusion between two different things that can use
JWT.
In OAuth a client asks for authorization to access some API set of resources.
The AS is supposed to gather consent.
In principal to construct some reasonable dialog for the user to grant the
consent and to be