Closed yaronf closed 10 months ago
YS: Deriving a downstream token: should we say that the AS MUST verify that the existing_access_token is targeted at RS1?
JR: I think that’s reasonable to add.
YS: Deriving a downstream token: should we say that the AS MUST verify that the existing_access_token is targeted at RS1?
JR: I think that’s reasonable to add.