Section 3 - parameter name conflict with Proof-of-Posession.

In section 3, it is stated that

... the Authorization Request Object SHOULD contain the Claims "iss" (issuer) and "aud" (audience) as members ...'

However, that will produce a parameter name conflict with the "aud" parameter from OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution.

Seems like draft-ietf-oauth-pop-key-distribution will need to change its parameter name (aud in JWT is pretty well established). And shouldn't draft-ietf-oauth-jwsreq register some of the JWT's Registered Claim Names (at least iss and aud but maybe exp and others) as authorization request OAuth parameters?

(Brian Campbell)

Comments (2)