OK @JonathanHuot. I am inspecting some of the RFC specifications.
RFC7515: JSON Web Signature
RFC7516: JSON Web Encryption
RFC7517: JSON Web Key
RFC7518: JSON Web Algorithms
RFC7519: JSON Web Token
RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
I have seen some discussions around these specifications on GitHub regarding the above specifications, and in the source code I am able to find https://github.com/oauthlib/oauthlib/blob/master/oauthlib/openid/connect/core/tokens.py.
So can I say RFC7519 and RFC7523 are functional but RFC7515, RFC7516, RFC7517, RFC7518 will be implemented in the near future? If yes, should I add it as an issue to discuss this in a better way?
Hello! I'm new to the OAuth world, and I've been reading the oauthlib docs, as well as oauth.com. The difference between a Grant Type and a Response Type is not clear to me, especially when reading this: https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#client-or-consumer
Required, if using a grant type with an associated response type (eg. Authorization Code Grant) or using a grant which only utilizes response types (eg. Implicit Grant)
Aren't all grant types associated with a response type, somehow? In the authorization request, the Client WILL send in a response_type parameter, which is directly related to the grant type it wants to obtain, right? Could someone please break this down for me?
Basically, the "Grant Type" is the name of the Authorization flow. "grant_type" is the name of the field when sending a request to the Token endpoint; "response_type" is the name of the field when sending a request to the Authorization endpoint.
Nice! Thanks for the clarification!