OAuth 2 Security - Is the Client a Dumb Carrier of It?

In OAuth 2, the client has no idea what the format of the token is. So that left space in the OAuth 2 world for innovation as to what to put into these tokens and for some standardization. I've actually joined the working group and see some of your comments on the old stuff. We're happy to have you there. It is open membership. You don't have to pay anything. Just know that anything that you contribute is considered a contribution. And so security systems need to be able to live in the real world where they function when people don't actually care about them.