[Openid-specs-fapi] JWT Secured Authorization Response Mode (next revision)

Torsten Lodderstedt torsten at lodderstedt.net
Fri Aug 17 12:08:47 UTC 2018

Hi all, 

I incorporated most of Brian’s feedback (thanks a lot!) into the document.

Here is a list of the changes: 
- added description of response mode in conjunction with response type "token"
- added text on parameter encoding for both response types including examples
- added text re management of JWT response encryption and signing including defaults
- added reference to OIDC advice on encryption and signing key handling (including symmetric encryption based on client secrets)

You can access the current version here: https://bitbucket.org/openid/fapi/src/155-JWT-Secured-Authorization-Response-Mode/Financial_API_JWT_Secured_Authorization_Response_Mode.md

Still open is the question whether the "state" parameter shall stay outside the JWT. Here is a link to Vladimir’s posting on that aspect: http://lists.openid.net/pipermail/openid-specs-fapi/2018-August/001003.html

Please read the posting and the respective section in the draft and give your feedback.  

kind regards,