jwt: Authorization JWT bearer shouldn't contain "scope" in "assertion" · Issue #461 · golang/oauth2 · GitHub | Latest TMZ Celebrity News & Gossip | Watch TMZ Live
Skip to content

jwt: Authorization JWT bearer shouldn't contain "scope" in "assertion" #461

New issue
New issue
Open
Open
jwt: Authorization JWT bearer shouldn't contain "scope" in "assertion"#461
@seliverstov-tinkoff

Description

@seliverstov-tinkoff
seliverstov-tinkoff
opened on Dec 3, 2020

Our team have used this jwt client for authorization by RFC-7523. In fact, the result "assertion" of this client has claim with a "scope", but there is no field "scope" in POST request like it described in 4.1 of RFC-7521.

I mean, request must look like this

POST /token.oauth2 HTTP/1.1
Host: authz.example.net
Content-Type: application/x-www-form-urlencoded

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
&scope=test
&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
eyJpc3Mi[...omitted for brevity...].
J9l-ZhwP[...omitted for brevity...]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      TMZ Celebrity News – Breaking Stories, Videos & Gossip

      Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

      Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

      🎥 Watch TMZ Live

      TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.