Very good presentation, but I do miss any mention of the audience claim. This claim is underrated, in my opinion at least. It allows the token to claim access to an API or server or whatever, which can be used by gateways to do a high-level authorization. Then the scopes can be used at the resource server to govern lower-level authorization.
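The two-tier check the comment describes, as an added example that is not part of the original comment or presentation: a gateway rejects tokens whose `aud` does not name the API, and the resource server then checks `scope`. The HS256 key, the function names and the API identifiers (`orders-api`, `billing-api`) are constructed for the demo, and `scope` is assumed to be a space-delimited string.

```python
# Added illustration; names, key and API identifiers are constructed for the demo.
import base64, hashlib, hmac, json, time
KEY = b"constructed-demo-key"  # sample shared secret, HS256 only for the demo

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims: dict) -> str:
    """Build a signed sample token (stands in for the authorization server)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token: str) -> dict:
    """Check signature, pinned algorithm and expiry; return the claims."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("expired")
    return claims

def gateway_allows(claims: dict, api_id: str) -> bool:
    """Coarse check: is this API named in aud (a string or a list, RFC 7519)?"""
    aud = claims.get("aud", [])
    return api_id in ([aud] if isinstance(aud, str) else aud)

def resource_allows(claims: dict, needed_scope: str) -> bool:
    """Fine check: is the needed scope in the space-delimited scope claim?"""
    return needed_scope in claims.get("scope", "").split()

def authorize(token: str, api_id: str, needed_scope: str) -> str:
    try:
        claims = verify(token)
    except (PermissionError, ValueError, AttributeError):
        return "401 invalid token"
    if not gateway_allows(claims, api_id):
        return "403 wrong audience (rejected at gateway)"
    if not resource_allows(claims, needed_scope):
        return "403 insufficient scope (rejected at resource server)"
    return "200 ok"
```

A token with a valid signature and the right scope is still refused at the gateway when it is presented to an API its `aud` does not name, which is the gap that a scope-only check leaves open.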