[Openid-specs-ab] Using ID token as JWT assertion grant

Thomas Broyer t.broyer at gmail.com
Mon Sep 28 12:03:22 UTC 2015


On Mon, Sep 28, 2015 at 1:16 PM Vladimir Dzhuvinov <vladimir at connect2id.com>
wrote:

> Hello,
>
> Is anyone using ID tokens as a JWT assertion grant to obtain access
> tokens from an AS?
>

Google is at least using something very similar:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount


> How do you go about satisfying the requirement that the AS URL (or AS
> token endpoint URL) must be present in the ID token audience (aud)? (The
> ID token audience is typically set to the client app).
>

AIUI, the idea is that the JWT is generated *by* the client.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150928/b22755e5/attachment.html>


More information about the Openid-specs-ab mailing list