Hi There,
In essence,a web application(client) seeking oAuth Access token for a user login.Essentially they provide response_type=code and in exchange we(ssg) send Access token.I was presuming the encrypted Access token may contain the logged in userid(email) and the ask was, do we got to share the gateway public key with client to decrypt that access token which essentially sent after authentication with the gateway?