<div dir="ltr">I think another argument would be that you would want to use the most recent authentication context, as the user may have stepped up since the original id_token was issued. That more current authentication context may influence what experience the OP chooses to offer the user</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Sep 5, 2014 at 2:46 PM, Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Hi all. A question has come from our development team about which ID Token to send as the id_token_hint value. It would obviously be easy to hold onto the original ID Token received forever and keep using that in prompt=none requests.
The alternative is to use the newest ID Token received in an authentication response – such as the one received from the most recent prompt=none request.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">What guidance should we give developers in this regard?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">One argument I could see for using the most recent one is that the older the ID Token is, the more likely it is that the key used to sign it has been rotated out and may not be remembered by the server. Other thoughts?<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></p><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> -- Mike<u></u><u></u></p>
<p class="MsoNormal"><u></u><u></u></p>
</font></span></div>
</div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>
<div style="padding-bottom:5px;margin-bottom:0">
<table style="height:40px">
<tbody>
<tr>
<td style="width:75px;vertical-align:top;height:79px">
<a href="https://www.pingidentity.com/" style="text-decoration:none" target="_blank"><img alt="Ping Identity logo" src="http://4.pingidentity.com/rs/pingidentity/images/EXP_PIC_square_logo_RGB_with_hard_drop.png" style="width:75px;height:79px;margin:0;border:none"></a></td>
<td style="vertical-align:top;padding-left:10px">
<div style="margin-bottom:7px">
<span style="color:#e61d3c;font-family:arial,helvetica,sans-serif;font-weight:bold;font-size:14px">Pam Dingle</span><br>
<span style="color:#000000;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">Sr. Technical Architect</span></div>
<table>
<tbody>
<tr>
<td style="text-align:center;border-right:1px solid #e61d3c;padding:0 5px 0 0">
<span style="color:#e61d3c;font-family:arial,helvetica,sans-serif;font-weight:bold;font-size:14px">@</span></td>
<td style="text-align:left;padding:0 0 0 3px">
<span style="text-decoration:none;color:#000000;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px"><a href="mailto:pdingle@pingidentity.com" target="_blank">pdingle@pingidentity.com</a></span></td>
</tr>
<tr>
<td style="text-align:center;border-right:1px solid #e63c1d;padding:0;vertical-align:middle">
<img alt="phone" src="http://4.pingidentity.com/rs/pingidentity/images/EXP_phone_glyph.gif" style="width:13px;height:16px"></td>
<td style="text-align:left;padding:0 0 0 3px">
<span style="color:#000000;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">+1 720.317.2081</span></td>
</tr>
<tr>
<td colspan="2" style="font-family:arial,helvetica,sans-serif;font-size:14px;font-weight:normal;padding-top:15px;color:#999999">
Connect with us…</td>
</tr>
<tr>
<td colspan="2">
<a href="https://twitter.com/pingidentity" style="text-decoration:none" title="Ping on Twitter" target="_blank"><img alt="twitter logo" src="http://4.pingidentity.com/rs/pingidentity/images/twitter.gif" style="width:20px;height:23px;border:none;margin:0"></a> <a href="https://www.youtube.com/user/PingIdentityTV" style="text-decoration:none" title="Ping on YouTube" target="_blank"><img alt="youtube logo" src="http://4.pingidentity.com/rs/pingidentity/images/youtube.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="https://www.linkedin.com/company/21870" style="text-decoration:none" title="Ping on LinkedIn" target="_blank"><img alt="LinkedIn logo" src="http://4.pingidentity.com/rs/pingidentity/images/linkedin.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="https://www.facebook.com/pingidentitypage" style="text-decoration:none" title="Ping on Facebook" target="_blank"><img alt="Facebook logo" src="http://4.pingidentity.com/rs/pingidentity/images/facebook.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="https://plus.google.com/u/0/114266977739397708540" style="text-decoration:none" title="Ping on Google+" target="_blank"><img alt="Google+ logo" src="http://4.pingidentity.com/rs/pingidentity/images/google%2B.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="http://www.slideshare.net/PingIdentity" style="text-decoration:none" title="Ping on SlideShare" target="_blank"><img alt="slideshare logo" src="http://4.pingidentity.com/rs/pingidentity/images/slideshare.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="http://flip.it/vjBF7" style="text-decoration:none" title="Ping on Flipboard" target="_blank"><img alt="flipboard logo" src="http://4.pingidentity.com/rs/pingidentity/images/flipboard.gif" style="width:23px;height:23px;border:none;margin:0"></a> <a href="https://www.pingidentity.com/blogs/" style="text-decoration:none" title="Ping blogs" target="_blank"><img alt="rss feed icon" src="http://4.pingidentity.com/rs/pingidentity/images/rss.gif" style="width:23px;height:23px;border:none;margin:0"></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</div>