[Openid-specs-fapi] Issue #117: CIBA - Signature for succesful token notification (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Mon Jul 17 10:09:00 UTC 2017


New issue 117: CIBA - Signature for succesful token notification
https://bitbucket.org/openid/fapi/issues/117/ciba-signature-for-succesful-token

Dave Tonge:

In the CIBA spec, the AS sends a payload similar to the `Succesful Token Response` in OIDC. The connection is authenticated using a bearer token provided by the client.

The CIBA spec is a profile of OIDC and therefore requires an ID Token to be sent in this payload.

Should this ID Token contain an `at_hash` claim so that the client can be assured of the payload integrity?

If an `at_hash` claim is included, should there also be an `rt_hash`?

The current draft requires an `at_hash`.

Responsible: dgtonge


More information about the Openid-specs-fapi mailing list