[Openid-specs-ab] ServerMTI in Messages
torsten at lodderstedt.net
Wed Jan 30 11:25:48 UTC 2013
just re-read the MTI section of messages (8.1. specifically), which
caused two questions:
1) Assuming the scope values "profile", "email", "address" and "phone"
are required for all server implementations, how is a non-dynamic
OpenID provider supposed to expose this data? I'm asking since the
UserInfo endpoint is MTI for dynamic OpenID providers, only.
2) Which are the default signing algorithms for request objects?
Discovery says "Servers SHOULD support none and RS256".
More information about the Openid-specs-ab