support RFC 8707 to request AT audience #841
Comments
|
Same as #381. |
|
Any update here ? |
|
Hi, there is a work in progress PR #888. What's still missing there, is to save the requested resources in the original authorization request, such to allow for a narrower resource list appearing in the access token. |
|
@federicaagostini , Does this apply to client credential grant as well ? |
|
Hi, yes we are implementing the ability to request for a resource parameter in all flows (also device code and token exchange). My guess is that the RFC reports examples about the more used flows in industry. It should behave quite similarly to the audience parameter, do you agree? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recent versions of
oidc-agentby default use RFC 8707 to request access tokens with audiences, while for IAM the legacy method needs to keep being used, as described here:https://github.com/indigo-dc/oidc-agent/releases/tag/v5.0.0
It would seem a good idea to let IAM support that RFC in addition, for the time being. This does not look urgent.
The text was updated successfully, but these errors were encountered: