openid / igov / issues / #14 - oauth2 Profile - 3.2. @torsten comment

Issue #14 resolved

Paul Grassi created an issue 2019-03-05

Section describes use of JWTs and Introspection to convey token data. Are both mechanisms a mandatory to implement requirement for every iGov compliant AS? How is the AS supposed to determine what kind of token to issue for a particular token request?

Comments (8)

Paul Grassi Account Deactivated reporter
- changed title to oauth2 Profile - 3.2. @torsten comment
- 2019-03-05T22:26:26+00:00
Giuseppe De Marco
In the current text the introspection endpoint is OPTIONAL

AT in JWT format is a good solution for enabling some metadata in a token that otherwise would be opaque.

the value of having AT in JWT format is that on the basis of the claims contained therein, it may or may not be necessary to adopt introspection endpoints

having introspection as optional, only the JWT format gives the AT the minimum properties for good interoperability
- 2023-01-21T15:26:33+00:00
Giuseppe De Marco
- changed status to wontfix
- 2023-01-21T15:26:45+00:00
Giuseppe De Marco
- changed status to open
- 2023-01-21T15:29:20+00:00
Giuseppe De Marco
linked to https://bitbucket.org/openid/igov/issues/15/oauth2-profile-321-torsten-comment
- 2023-01-21T15:29:42+00:00
Tom Clancy
- marked as blocker
Changed to BLOCKER to filter for v1.05/Implementer’s draft.
- 2024-07-16T18:45:13+00:00
Kelley Burgin
JWTs are required and Introspection is not.
- 2024-07-23T15:24:19+00:00
Kelley Burgin
- changed status to resolved
JWTs are required, introspection is not (MAY)
- 2024-07-23T16:06:35+00:00
Log in to comment

Assignee: –

Type: bug

Priority: blocker

Status: resolved

Votes: 0

Watchers: 1