Roland Hedberg

So, we're witnessing a change in usage here. Back when, we had keys that was only used for constructing access/refresh JWS tokens. Now, token handler uses the same keys as...

OK, sounds fair

So what keyword should we use in the configuration to flag this ? Ephemeral ? Like this: ``` "token_handler_args": { "ephemeral_keys": True, "code": {"kwargs": {"lifetime": 600}}, "token": {"class": "oidcop.token.jwt_token.JWTToken", "kwargs":...

What are the use cases ?: 1) Test deployment. You don't expect any persistence between server runs. 2) You expect the server to create all necessary keys and to make...

Token handler is part of the endpoint context so I don't see the need for having it higher up. If the configuration is part of `token_handler_args` then the result of...

I guess the policy for doing JWE instead of JWS could be quite complex. Definitely per audience (RP/RS). Now, if there is more then one entity as audience then you...

It might be that @nsklikas's changes to the claim interface made it superfluous.

I'll have a look at this after lunch. You should consider moving from oidcrp to idpy-oidc. For several reasons we decided to merge oidcmsg, oidcrp and oidc-op into one package...

I should write a document describing what you need to do to move. I would be happy to discuss this with you.

The reason create_from_config_file was removed from OidcRP was that it's duplicated code to what's in `oidcmsg.configure.create_from_config_file()` . Part of a clean up.