oauth-wg/oauth-transaction-tokens

`purp` claim name and optionality

tulshi opened this issue · 1 comments

From Yaron's feedback email:
need a lot more discussion of this claim, also it may be OPTIONAL too. Also, why not call it "scope" if that's what it is?

From @gffletch:

  • In an external-to-internal flow, the scopes tend to be broad. The TraT can be set to a more specific to narrow the use of the TraT.
  • We could call it scope, but it could be confused with the OAuth scope.
  • One could set the purp value to the actual API that was called to be very specific.

We should add a sub-section to describe the above in the draft.