- From: Aaron Coburn <acoburn@apache.org>
- Date: Sun, 11 Oct 2020 10:52:26 -0400
- To: divoplade <d@divoplade.fr>
- Cc: public-solid <public-solid@w3.org>
Received on Sunday, 11 October 2020 14:53:04 UTC
Right, of course:
{
... ,
"token_type": "DPoP",
...
}
On Sun, 11 Oct 2020 at 10:29, divoplade <d@divoplade.fr> wrote:
> Hello Aaron,
>
> Le dimanche 11 octobre 2020 à 10:02 -0400, Aaron Coburn a écrit :
> > Returning two (or more) tokens is a standard part of OIDC. You can
> > read about it at
> > https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
>
> Thank you for this pointer. I realize that the response is not provided
> by redirection for the token endpoint, which makes a lot of sense.
>
> > {
> > "access_token": "<DPoP-bound Access Token as JWT>",
> > "token_type": "Bearer",
> > "refresh_token": "<Refresh Token>",
> > "expires_in": 3600,
> > "id_token": "<ID Token as JWT>"
> > }
>
> Should the token_type not be "DPoP" instead of "Bearer", as prescribed
> by DPoP?
>
>
Received on Sunday, 11 October 2020 14:53:04 UTC