[OAUTH-WG] can a resource server provide indications about expected access tokens?

Nikos Fotiou <fotiou@aueb.gr> Sat, 11 December 2021 10:35 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PG1meDsBtw4iy8EwahsJovv3Ipc>

Hi,

I have a use case where a resource server is protected and can only be accessed if a JWT is presented. Is there any way for the server to "indicate" the "expected" format of the JWT? For example, respond to unauthorized requests with something that would be translated into "I expect tokens from iss X with claims [A,B,C]".

Best,
Nikos

--
Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr