[Openid-specs-fapi] Issue #112: Inconsistency around encrypted ID Tokens (openid/fapi)
issues-reply at bitbucket.org
Thu Jul 6 20:25:54 UTC 2017
New issue 112: Inconsistency around encrypted ID Tokens
5.2.2 Authorization Server has "should support signed and encrypted ID Token" while 5.2.4 Confidential Client has "shall require both JWS signed and JWE encrypted ID Tokens". The "should" in the first statement seems inconsistent with the "shall" in the second statement.
It's not clear to me that encrypted ID Tokens are necessary, so maybe both statements could use "should" or even "may"? Regardless, the inconsistency should probably be resolved (or explain why it's not actually inconsistent).