[Openid-specs-fapi] Issue #192: JARM: Default JWS alg for authorization_signed_response_alg needs reconsidering (openid/fapi)
issues-reply at bitbucket.org
Tue Nov 13 13:14:41 UTC 2018
New issue 192: JARM: Default JWS alg for authorization_signed_response_alg needs reconsidering
It's nice to have a sensible default JWS alg (RS256) for JARM, however in the absence of another parameter to signal a client's intent to register for JARM, clients that don't want it will also end up getting registered for JARM.
My suggestion to register the client for regular authZ responses when the parameter is omitted.
More information about the Openid-specs-fapi