[Openid-specs-ab] Stackoverflow question.

Thomas Broyer t.broyer at gmail.com
Tue Jun 19 14:21:45 UTC 2018


On Tue, Jun 19, 2018 at 2:54 PM Nat Sakimura via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> I received the following message at the OIDF Facebook page.
> Perhaps could someone take care of it?
>
>
>
> Can you please take a look at
> https://stackoverflow.com/questions/50740532/should-id-token-contain-claims-when-used-during-authorization-code-flow
> and give your response there?
>
> Multiple authorization providers implementing oidc have this implemented
> differently - sometimes id_token contains claims when access_token is
> returned, sometimes not and call to userInfo is required, sometimes it is
> in both userInfo and id_token which is quite confusing why this is in
> multiple places, what is the reasoning behind it. In my opinion this should
> be clarified in the documentation, how it should be implemented according
> to openid standard.
>

Fwiw, I don't think it needs clarification:
https://stackoverflow.com/a/50930696/116472
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180619/a45881e4/attachment.html>


More information about the Openid-specs-ab mailing list