[Openid-specs-ab] [openid/connect] Messages/Registration preclude a client who wants encrypted content but doesn't sign? (issue #820)
issues-reply at bitbucket.org
Thu Mar 28 12:05:31 UTC 2013
New issue 820: Messages/Registration preclude a client who wants encrypted content but doesn't sign?
Wouldn't it be reasonable to think that some clients would want encrypted id tokens sent to them but would not sign requests? I'd think so. But the wording for jwks_uri for clients at http://openid.net/specs/openid-connect-messages-1_0-16.html#sigenc.key would seem to preclude that (for asymmetric anyway).
Same/similar text is in http://openid.net/specs/openid-connect-registration-1_0.html#client-metadata for jwks_uri
This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.
More information about the Openid-specs-ab