adobeio-auth icon indicating copy to clipboard operation
adobeio-auth copied to clipboard
verified publisher icon AdobeDocs

Document access token format (is a JWT itself)

Open kwin opened this issue 5 years ago • 0 comments

It seems that the access token being issued by https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/JWT.md#exchanging-jwt-to-retrieve-an-access-token is a JWT itself but it doesn't seem to follow https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-07#section-2.

By looking at the AEM client (com.adobe.granite.auth.ims.impl.IMSTokenValidatorImpl) I assume that at least the following claims are contained in there

  1. created_at
  2. expires_in

Please document the format of the access token so that it can be validated without having to consider the other properties from the OAuth response (https://tools.ietf.org/html/rfc6749#section-4.1.4).

kwin avatar Jul 29 '20 08:07 kwin