Sub claim in Client Credentials token

Question

Sub claim in Client Credentials token

senj opened this issue 7 years ago · comments

Question / Issue

According to https://tools.ietf.org/html/rfc7523#section-3, a Client Credentials JWT MUST contain a sub claim with the value of client_id. (because there is no user involved)
As far as I know, this is not the case for a token requested at Identity Server 3.

Is there a reason not to follow the standard?

Lukas Zaiser · Answer 1 · Wed Oct 25 2017 18:19:29 GMT+0800 (China Standard Time)

Any update on this?

Dominick Baier · Answer 2 · Wed Oct 25 2017 19:04:07 GMT+0800 (China Standard Time)

You are reading the wrong spec. This is for tokens authentication the client. Not for access tokens.