This is a good point, might as well spell it out.--JustinSent from my phone-------- Original message --------From: James Phillpotts <james.phillpotts@forgerock.com >Date: 7/11/17 3:57 AM (GMT-05:00)To: Eve Maler <eve@xmlgrrl.com>Subject: Re: [WG-UMA] Minor commentOnly in that in UMA 1.0 the token type hint was not access_token.J.On 11 July 2017 at 02:14, Eve Maler <eve@xmlgrrl.com> wrote:Since both PATs and RPTs are already formally defined, and function, as OAuth access tokens, I wonder if it's necessary to spell this requirement out. (The protection API is just about introspecting the RPT.)Eve Maler (sent from my iPad) | cell +1 425 345 6756Hi all,In https://docs.kantarainitiative.org/uma/wg/oauth-uma- given we just talk about RPTs and PATs, should we specify that the token_type_hint (if used) should be set to access_token?federated-authz-2.0-05.html# token-introspection ref: https://tools.ietf.org/html/rfc7662#section-2.1 and https://tools.ietf.org/html/rfc7009#section-4.1.2.2 CheersJames_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma