Tim Ysewyn @ 🇧🇪🏠
Why should the role be in the token if you have the userinfo endpoint? Or why should there even be a (list of) role(s) in the token if it’s only a means to have access to an endpoint?
Some people like to use JWTs for access tokens or other self-encoded mechanisms. There are definitely trade-offs.
Thu, Jun 6, 2019 12:20pm -07:00
Have you written a
to this? Let me know the URL: