Re: [OAUTH-WG] How could an IdP create an id token for one audience RP without knowing for which RP ?

2017-08-08 Thread Hammann Sven
Dear all, I would like to clarify and agree with John Bradley that there is a confusion here. In the setting that I was discussing in my presentation, I was looking at OpenID Connect, where we have: An end-user with his user agent (browser) that wishes to log in at an RP service (and this

Re: [OAUTH-WG] How could an IdP create an id token for one audience RP without knowing for which RP ?

2017-08-03 Thread Torsten Lodderstedt
+1

> On 31.07.2017 at 16:01, John Bradley wrote:
>
> For access tokens I would like to see a use case for a completely decoupled and anonymous RS that is not just a misuse of OAuth for Authentication, before trying to add a feature like this.

Re: [OAUTH-WG] How could an IdP create an id token for one audience RP without knowing for which RP ?

2017-07-31 Thread John Bradley
I think there may be some confusion between two different things that can use JWT. In OAuth a client asks for authorization to access some API set of resources. The AS is supposed to gather consent. In principle to construct some reasonable dialog for the user to grant the consent and to be