[Openid-specs-fapi] Issue #417: Shall require introspection of claims (openid/fapi)
Travis Spencer
issues-reply at bitbucket.org
Fri May 28 08:28:21 UTC 2021
New issue 417: Shall require introspection of claims
https://bitbucket.org/openid/fapi/issues/417/shall-require-introspection-of-claims
Travis Spencer:
FAPI 2 baseline says:
> shall provide a means for resource servers to verify the validity, integrity, sender-constraining, scope (incl. authorization_details), expiration and revocation status of an access token, either by providing an introspection endpoint [RFC7662], by exposing signature verification keys, or by deployment-specific means
https://openid.net/specs/fapi-2_0-baseline-00.html#section-2.2.1-2.17.1
This should be updated to say:
> shall provide a means for resource servers to verify the validity, integrity, sender-constraining, scope (incl. authorization_details **and claims**), expiration and revocation status of an access token, either by providing an introspection endpoint [RFC7662], by exposing signature verification keys, or by deployment-specific means
As an OpenID Connect profile, section 5 of core needs to be handled as well.