[Openid-specs-ab] JSON Web Token (JWT) Bearer Profile for OAuth 2.0
nov matake
nov at matake.jp
Thu Sep 1 07:09:20 UTC 2011
Hi all,
I hadn't noticed the "JSON Web Token (JWT) Bearer Profile for OAuth 2.0" spec until now, but it seems interesting for Connecters.
In this spec, JWT is used as a grant, not an access token.
I briefly imagined whether id_token could be used as a JWT grant.
===
# Step 1. Authorization Request
[Request]
* GET /authorize?response_type=id_token&..
[Response]
* https://client.example.com/callback#id_token=YOUR_ID_TOKEN
* or id_token in query? # BTW, why does id_token have to be in the fragment?
# Step 2. Check Session Request (OPTIONAL)
[Request]
* POST /check_session?id_token=YOUR_ID_TOKEN
[Response]
* Extracted ID Token in JSON
# Step 3. Token Request
[Request]
* POST /token?grant_type=http://oauth.net/grant_type/jwt/1.0/bearer&jwt=YOUR_ID_TOKEN
[Response]
* Access Token in JSON
===
If you're interested in it, please give me feedback.
Thanks in advance
--
nov
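
The flow sketched in the message above, as an added example that is not part of the original post: it compares what the user agent sends to the client's server when id_token arrives in the fragment versus the query, then builds the Step 3 token request. The function names, the constructed token `aaa.bbb.ccc`, the token endpoint URL, and sending the parameters in a form-encoded body (as OAuth 2.0 token requests are) are assumptions.

```javascript
// Added example; all function names are hypothetical.
// grant_type value is the one quoted in the post.
const GRANT_TYPE = 'http://oauth.net/grant_type/jwt/1.0/bearer';

// Constructed sample redirects (token value is a placeholder, not a real JWT).
const FRAGMENT_REDIRECT = 'https://client.example.com/callback#id_token=aaa.bbb.ccc';
const QUERY_REDIRECT = 'https://client.example.com/callback?id_token=aaa.bbb.ccc';

// The request target the user agent sends for a redirect URL: path + query.
// The fragment is not part of the HTTP request, so it stays in the browser.
function requestTarget(redirectUrl) {
  const u = new URL(redirectUrl);
  return u.pathname + u.search;
}

// Step 1 response, client side: read id_token out of the fragment.
function idTokenFromFragment(redirectUrl) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, '');
  const token = new URLSearchParams(fragment).get('id_token');
  if (!token) throw new Error('no id_token in fragment');
  return token;
}

// Step 3: present the ID token as the JWT grant at the token endpoint.
function buildTokenRequest(tokenEndpoint, idToken) {
  const body = new URLSearchParams({ grant_type: GRANT_TYPE, jwt: idToken });
  return {
    method: 'POST',
    url: tokenEndpoint,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(), // grant_type URI is percent-encoded here
  };
}

// Demo: with the fragment form the token never appears in the request target.
console.log(requestTarget(FRAGMENT_REDIRECT));
console.log(requestTarget(QUERY_REDIRECT));
console.log(buildTokenRequest('https://server.example.com/token',
  idTokenFromFragment(FRAGMENT_REDIRECT)));
```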