From 169081ecb92db06fd949aaee3ce2549b7a28c179 Mon Sep 17 00:00:00 2001 From: cocotton Date: Sun, 26 Aug 2018 15:45:10 -0400 Subject: [PATCH] Replace "the type of token" with "this type of token" --- server_admin/topics/clients/client-oidc.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server_admin/topics/clients/client-oidc.adoc b/server_admin/topics/clients/client-oidc.adoc index 0719f3eb9f..a48ce8e2d4 100644 --- a/server_admin/topics/clients/client-oidc.adoc +++ b/server_admin/topics/clients/client-oidc.adoc @@ -126,7 +126,7 @@ Remember that you still have to click the `Save` button! [[_mtls-client-certificate-bound-tokens]] *OAuth 2.0 Mutual TLS Client Certificate Bound Access Token* -Mutual TLS binds an access token and a refresh token with a client certificate exchanged during TLS handshake. This prevents an attacker who finds a way to steal these tokens from exercising the tokens. The type of token is called a holder-of-key token. Unlike bearer tokens, the recipient of a holder-of-key token can verify whether the sender of the token is legitimate. +Mutual TLS binds an access token and a refresh token with a client certificate exchanged during TLS handshake. This prevents an attacker who finds a way to steal these tokens from exercising the tokens. This type of token is called a holder-of-key token. Unlike bearer tokens, the recipient of a holder-of-key token can verify whether the sender of the token is legitimate. If the following conditions are satisfied on a token request, {project_name} will bind an access token and a refresh token with a client certificate and issue them as holder-of-key tokens. If all conditions are not met, {project_name} rejects the token request.