As discussed in issue #399, we want to have the possibility to send a short token to authorize requests to the server. As agreed in the last meeting, sending just the JTI seems like a reasonable solution.
I tried to change as little as possible in the specification. I could elaborate a bit more on the caching strategy for the server but I think this is out of the scope.
As discussed in issue #399, we want to have the possibility to send a short token to authorize requests to the server. As agreed in the last meeting, sending just the JTI seems like a reasonable solution. I tried to change as little as possible in the specification. I could elaborate a bit more on the caching strategy for the server but I think this is out of the scope.