w3c / automotive

W3C Automotive Working Group Specifications
Other
146 stars 68 forks source link

open flow alternative #435

Closed isaacagudo closed 2 years ago

isaacagudo commented 2 years ago

I tried to minimize the changes required to include explicit signals in the access token. Only relevant sections are viss server and access token.

UlfBj commented 2 years ago

https://rawcdn.githack.com/w3c/automotive/25dbc376ee83527b43b8efce63eaadefa752e3a0/spec/VISSv2_Core.html#access-token

UlfBj commented 2 years ago

Change "Except for the vehicle identity (vin) claim that is optional, the Access token SHALL have the following claims in header and payload." to "Except for the vehicle identity (vin), and client context (clx) claims that are optional, the Access token SHALL have the following claims in header and payload."

Add to clx description: If the scope claim is set to a purpose, the client context claim MUST be present in the token.