The OAuth Authorization Request includes the desired scope(s) but not the desired audience. We need a token that can be used with other relying parties, so the audience isn't just the requester's client_id. We need to understand the right flow for this.
The OAuth Authorization Request includes the desired scope(s) but not the desired audience. We need a token that can be used with other relying parties, so the audience isn't just the requester's client_id. We need to understand the right flow for this.