Merge pull request #50 from sdesen/main

aaronpk · web-flow · commit db7ce556fa36 · 2025-10-18T07:20:16.000-07:00
Closes #49
diff --git a/draft-ietf-oauth-identity-assertion-authz-grant.md b/draft-ietf-oauth-identity-assertion-authz-grant.md
@@ -451,7 +451,7 @@ All of {{Section 5.2 of RFC7521}} applies, in addition to the following processi
 * Validate the JWT `typ` is `oauth-id-jag+jwt` (per {{Section 3.11 of RFC8725}})
 * The `aud` claim MUST identify the Issuer URL of the Resource Authorization Server as the intended audience of the JWT.
 * The `client_id` claim MUST identify the same client as the client authentication in the request.
-
+* The Resource Authorization Server MUST follow {{Section 3.3 of RFC6749}} when processing the `scope` claim.
 
 ### Response
 
