[Openid-specs-ab] Lite Draft 9

Johnny Bufu jbufu at janrain.com
Thu Aug 25 19:24:03 UTC 2011


On 11-08-24 04:45 PM, Nat Sakimura wrote:
> That further increases the length of the id_token.

Lite/dumb clients that don't want to verify the id_token themselves 
could be given a short id_token.

Full/smart clients would receive the full id_token, but they won't need 
to query the check session endpoint, since they can verify it directly.

Clients could signal in the initial authorization request whether they 
are lite of full through one of the OAuth parameters - response_type or 
scope, whichever is more appropriate.

Johnny





More information about the Openid-specs-ab mailing list