relax recommendation against requested_token_type use - Githubissues

oauth-wg / oauth-identity-chaining

Draft specification for Identity Chaining

https://drafts.oauth.net/oauth-identity-chaining/draft-ietf-oauth-identity-chaining.html

Other

4 stars 3 forks source link

relax recommendation against requested_token_type use #82

Closed bc-pi closed 5 months ago

bc-pi commented 7 months ago

Placeholder issue noting that @aaronpk's use case utilizes requested_token_type while the the current text https://www.ietf.org/archive/id/draft-ietf-oauth-identity-chaining-01.html#section-2.3.1-1 has a SHOULD NOT. With the recent change to limit token types to JWTs https://github.com/oauth-wg/oauth-identity-chaining/issues/45 that SHOULD NOT isn't as meaningful/useful. Suggestion (from me) is to remove mention/treatment of the parameter from 2.3.1 https://www.ietf.org/archive/id/draft-ietf-oauth-identity-chaining-01.html#name-token-exchange-request

aaronpk commented 7 months ago

We discussed on the Feb 23 call and there was general agreement that removing the parameter is the right call, and won't have any negative consequences on implementations of this draft.