- changed status to open
"Client" is misleading in the context of signed introspection responses
Issue #602
resolved
FAPI 2.0 MS currently talks about “clients” in the “Signing Introspection Responses” section.
I think this is somewhat misleading, because it really refers to resource servers. Since the JWT Response for OAuth Token Introspection draft also talks about handling RSs as clients, I am not sure whether this is maybe intended. If so, I think it would be worth adding a note explaining why the RS is being referred to as “Client” in that context.
Comments (6)
We need a clarification text or better wording.
assigned issue to
assigned issue to
Related: Issue #617 "Security issue in the JWT Response for OAuth Token Introspection specification"
dealt with by this PR: https://bitbucket.org/openid/fapi/pull-requests/431
- changed status to resolved