[Openid-specs-ab] Using ID token as JWT assertion grant
t.broyer at gmail.com
Mon Sep 28 12:03:22 UTC 2015
On Mon, Sep 28, 2015 at 1:16 PM Vladimir Dzhuvinov <vladimir at connect2id.com>
> Is anyone using ID tokens as a JWT assertion grant to obtain access
> tokens from an AS?
Google is at least using something very similar:
> How do you go about satisfying the requirement that the AS URL (or AS
> token endpoint URL) must be present in the ID token audience (aud)? (The
> ID token audience is typically set to the client app).
AIUI, the idea is that the JWT is generated *by* the client.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab