Document the impact of grant changes on issued tokens
Suggested by Vladimir Dzhuvinov via the mailing list:
“Effect of grant changes via authz request or mgmt API on issued refresh and access tokens: At present the spec is not explicit on this. I think there should be clear guidance what happens to existing refresh and access tokens linked to a grant_id when the grant changes. Including those situations when the client is public or multiple client_id's are linked to a "client". This can be useful for AS implementers as well as client developers, so the latter know exactly what to expect about the tokens when a grant gets modified.”
Comments (8)
- changed status to open
Put on hold till the right time comes.
-
@Vladimir Dzhuvinov I think it’s covered now. Could you please take a look?
-
Thanks Torsten. I read the version from 2021-06-01 and those aspects appear to be covered now.
Is it correct that public clients and credentialed clients (OAuth 2.1) are in fact not supported?
"Authorization servers 1. shall support confidential clients as defined in [@!RFC6749]."
-
reporter Hi Vladimir, it’s a good question.
We have discussed public clients here: https://bitbucket.org/openid/fapi/issues/386/grant-management-public-vs-private-clients.
We said that we will support it later but this needs more work.
First use cases for Grant Management are in Open Banking type of ecosystems, with confidential clients only.
Does it answer your question?
-