Closed isaacagudo closed 2 years ago
Change "Except for the vehicle identity (vin) claim that is optional, the Access token SHALL have the following claims in header and payload." to "Except for the vehicle identity (vin), and client context (clx) claims that are optional, the Access token SHALL have the following claims in header and payload."
Add to clx description: If the scope claim is set to a purpose, the client context claim MUST be present in the token.
I tried to minimize the changes required to include explicit signals in the access token. Only relevant sections are viss server and access token.