oauth: Do clients care about the access token contents?

ivoa-std / SSO

Single Sign On

Creative Commons Attribution Share Alike 4.0 International

1 stars 6 forks source link

Open aragilar opened 1 week ago

aragilar commented 1 week ago

I’d argue no, clients should treat them as opaque, and only the resource server and authorization server worry about their contents.

See #22 for context.