New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use of actor_token
and actor_token_type
#60
Comments
Since RFC8693 (Token Exchange) refers to the |
This is kind of what the spec says today. It's not required and up to the implementation. It is just referenced as an example. However, I'm fine removing the example and just being silent in the spec on the topic. |
Recommendation to update example and be silent on use of |
Removed the additional text regarding possible client authentication methods and just left it that the client MUST authenticate itself to the Transaction Token Service and that the specific client authentication method is out of scope for this specification. |
Added text addressing issues oauth-wg#58, oauth-wg#60, and oauth-wg#61
Should we allow the use of
actor_token
andactor_token_type
to be used as a means of client authentication for the Transaction Token Service? If not, should explicitly prohibit the use of these parameters in the profile of the Token Exchange spec.The text was updated successfully, but these errors were encountered: