- From: divoplade <d@divoplade.fr>
- Date: Sun, 11 Oct 2020 16:29:31 +0200
- To: Aaron Coburn <acoburn@apache.org>
- Cc: public-solid <public-solid@w3.org>
Hello Aaron,
Le dimanche 11 octobre 2020 à 10:02 -0400, Aaron Coburn a écrit :
> Returning two (or more) tokens is a standard part of OIDC. You can
> read about it at
> https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
Thank you for this pointer. I realize that the response is not provided
by redirection for the token endpoint, which makes a lot of sense.
> {
> "access_token": "<DPoP-bound Access Token as JWT>",
> "token_type": "Bearer",
> "refresh_token": "<Refresh Token>",
> "expires_in": 3600,
> "id_token": "<ID Token as JWT>"
> }
Should the token_type not be "DPoP" instead of "Bearer", as prescribed
by DPoP?
Received on Sunday, 11 October 2020 14:31:51 UTC