This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
May_act (May Act For) Claim
May_act (May Act For) Claim

Version management

Difference between version and

At line 1 added 31 lines
!!! Overview
[{$pagename}] is described in [OAuth 2.0 Token Exchange] that [{$pagename}] makes a statement that one party is authorized to become the actor and act on behalf of another party.
The claim value is a [JSON] object and members in the [JSON] object are claims that identify the party that is asserted as being eligible to act for the party identified by the [JWT] containing the claim. The claims that make up the "may_act" claim identify and possibly provide additional information about the [authorized] [actor].
For example, the combination of the two claims "[iss]" and "[sub]" are sometimes necessary to uniquely identify an authorized actor, while the "email" claim might be used to provide additional useful information about that party.
However, claims within the [{$pagename}] pertain only to the identity of that party and are not relevant to the validity of the containing [JWT] in the same manner as top level claims. Consequently, claims such as "[exp]", "[nbf]", and "[aud]" are not meaningful when used within a [{$pagename}], and therefore [SHOULD NOT] be used.
The following example illustrates the [{$pagename}] within a [JWT] Claims Set. The claims of the token itself are about user@example.com while the "may_act" claim indicates that admin@example.com is authorized to act on behalf of user@example.com.
%%prettify
{{{
{
"aud":"https://consumer.example.com",
"iss":"https://issuer.example.com",
"exp":1443904177,
"nbf":1443904077,
"sub":"user@example.com",
"may_act":
{
"sub":"admin@example.com"
}
}
}}} /%
When included as a top-level member of an [OAuth 2.0 Token Introspection] Response, [{$pagename}] has the same semantics and format as the the claim of the same name.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop