[Openid-specs-ab] [openid/connect] Messages, Multi Response - Cope with bloating id_token_hint in self-issued cases (issue #668)

Nat Sakimura issues-reply at bitbucket.org
Thu Oct 18 05:31:27 UTC 2012

--- you can reply above this line ---

New issue 668: Messages,Multi Response - Cope with bloating id_token_hint in self-issued cases

Nat Sakimura:

The idea of userinfo_token has been rejected in the past saying that claims can be introduced to id_token. 

Including claims in id_token is fine as long as we do not send it as hint (id_token_hint). After having built an implementation, we now feel that it is a bit of pain not to have userinfo_token, especially, in the cases such that user's picture is included in the id_token claims, as the size becomes a performance issue. 

One could argue that one should only include picture URL, but this defeats the purpose of self-issued OP as that picture url will act as a global identifier. 

It seems in such cases, we may want to have userinfo_token so that the claims can be sent outside of id_token. 

I would appreciate the WG to discuss this issue in the coming F2F. 


This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.

More information about the Openid-specs-ab mailing list