Closed naveencm4u1 closed 5 months ago
gffletch
commented
10 months ago In what situations would we have multiple tokens such that leveraging the Authorization header is not sufficient? My preference would be to leverage the Authorization header. Receiving entities can distinguish token types based on the JWT Header.
naveencm4u1
commented
10 months ago @gffletch It is mainly in the transition phase. In our case, we want to pass both Access Token and Transaction Token until all the downstream are ready.
gffletch
commented
8 months ago This topic has come up again so re-opening the issue as it's something I think we need to address in the specification.
tulshi
commented
7 months ago Duplicate of #49
obfuscoder
commented
5 months ago I believe, this issue can be closed as well?
I assume the token is sent in the header. Do we have any recommendations for the header name?