I had fun with this one: 7 Ways an OAuth Access Token is like a ... • Aaron Parecki

61°F

I had fun with this one: 7 Ways an OAuth Access Token is like a Hotel Key Card

https://developer.okta.com/blog/2019/06/05/seven-ways-an-oauth-access-token-is-like-a-hotel-key-card

Portland, Oregon, USA

Wed, Jun 5, 2019 9:19am -07:00 #oauth

21 likes 9 reposts 2 replies 1 mention
Have you written a response to this? Let me know the URL:
- Tim Ysewyn @ 🇬🇧 twitter.com/TYsewyn
  
  Why should the role be in the token if you have the userinfo endpoint? Or why should there even be a (list of) role(s) in the token if it’s only a means to have access to an endpoint? 🤔
  
  Thu, Jun 6, 2019 1:40pm +00:00 (via brid-gy.appspot.com)
- Stephan twitter.com/Stephan007
  
  Nice write up! Question: if an authenticated user gets a new/extra role, does the server create a new JWT or is there a way to update the existing token?
  
  Thu, Jun 6, 2019 10:01am +00:00 (via brid-gy.appspot.com)
Other Mentions
- Christoph Engelbert twitter.com/noctarius2k
  
  Brilliant post 👍😊
  
  Fri, Jun 7, 2019 5:38am +00:00 (via brid-gy.appspot.com)

Posted in /notes using quill.p3k.io