[Openid-specs-ab] Stackoverflow question.

Nat Sakimura sakimura at gmail.com
Tue Jun 19 12:54:18 UTC 2018


I received the following message at the OIDF Facebook page.
Perhaps could someone take care of it?



Can you please take a look at
https://stackoverflow.com/questions/50740532/should-id-token-contain-claims-when-used-during-authorization-code-flow
and give your response there?

Multiple authorization providers implementing oidc have this implemented
differently - sometimes id_token contains claims when access_token is
returned, sometimes not and call to userInfo is required, sometimes it is
in both userInfo and id_token which is quite confusing why this is in
multiple places, what is the reasoning behind it. In my opinion this should
be clarified in the documentation, how it should be implemented according
to openid standard.
-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180619/40fb63f1/attachment.html>


More information about the Openid-specs-ab mailing list