Sub claim in Client Credentials token
senj opened this issue · comments
Question / Issue
According to https://tools.ietf.org/html/rfc7523#section-3, a Client Credentials JWT MUST contain a sub claim with the value of client_id. (because there is no user involved)
As far as I know, this is not the case for a token requested at Identity Server 3.
Is there a reason not to follow the standard?
Any update on this?
You are reading the wrong spec. This is for tokens authentication the client. Not for access tokens.