[Openid-specs-fapi] Issue #112: Inconsistency around encrypted ID Tokens (openid/fapi)

Brian Campbell issues-reply at bitbucket.org
Thu Jul 6 20:25:54 UTC 2017

New issue 112: Inconsistency around encrypted ID Tokens

Brian Campbell:

5.2.2 Authorization Server has "should support signed and encrypted ID Token" while 5.2.4 Confidential Client has "shall require both JWS signed and JWE encrypted ID Tokens". The "should" in the first statement seems inconsistent with the "shall" in the second statement. 

It's not clear to me that encrypted ID Tokens are necessary, so maybe both statements could use "should" or even "may"? Regardless, the inconsistency should probably be resolved (or explain why it's not actually inconsistent).
