wordpress-indieauth icon indicating copy to clipboard operation
wordpress-indieauth copied to clipboard

Published 20 hours ago verified publisher icon indieweb

Introspection could use SUB claim for Pure OAuth client Compatibility

Open carrvo opened this issue 9 months ago • 2 comments
trafficstars

For the introspection endpoint, it only returns the active claim in the identity token but the spec requires more (and so does the underlying OAuth spec).

More specifically, mod_oauth2 requires at least the sub claim. I believe this is so that it can set the user in Apache for other modules to process.

carrvo avatar Feb 01 '25 21:02 carrvo