| ClientAssertion |
The client_assertion part of a Client-Credentials Grant
This JWT will be signed, compacted, and sent to the oauth_token_url as a POST
request along with the following values
grant_type=client_credentials
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion=signed_client_assertion_jwt
scope=blank separated list of scopes
The audience originially was expected to be the token_url on these requests
But D2L felt like there was supposed to be a separate audience value
for these tokens in IMS that is part of the contract so we all added
another column for it :)
Later the IMS working group led by Backboard decided to eventually require the
deployment_id on this - which I think is a great idea and should have been there
all along but I still don't get why we need both an audience value
and a deployment_id - but D2L is rarely wrong on these matters.
|