[Openid-specs-fapi] Issue #181: Userinfo response should be a jwt. OP's should support UserInfo JWT response (openid/fapi)
Ralph Bragg
issues-reply at bitbucket.org
Sat Oct 13 15:38:04 UTC 2018
New issue 181: Userinfo response should be a jwt. OP's should support UserInfo JWT response
https://bitbucket.org/openid/fapi/issues/181/userinfo-response-should-be-a-jwt-ops
Ralph Bragg:
OpenID Connect core details how the userinfo endpoint responses can be provided as either a JSON payload or a JWT depending on the accept headers on the GET request.
If a FAPI profile is being used to provide Identity Information then OPs should certainly be providing the UserInfo endpoint as a signed JWT.
Suggest adding this to the next implementors draft.
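
The relying-party side of the proposal above, as an added example that is not part of the original post or of the FAPI drafts: a Node.js check that refuses a plain JSON UserInfo response and accepts only a signed JWT whose signature, `iss`, `aud` and `sub` match what the RP expects. The function names, the ES256 choice, and the issuer, client and subject values are assumptions constructed for the demonstration.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Constructed helper standing in for the OP: sign claims as a compact ES256 JWS.
function signUserInfo(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Hypothetical RP policy: accept only a signed JWT bound to this OP, client and subject.
function validateUserInfo(contentType, body, { opPublicKey, issuer, clientId, idTokenSub }) {
  const mediaType = String(contentType).split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/jwt') throw new Error('unsigned UserInfo response rejected');
  const parts = body.trim().split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  // Pin the algorithm on the RP side; never let the token choose it (blocks "none" and HMAC confusion).
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: opPublicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (claims.iss !== issuer) throw new Error('iss mismatch');
  if (![].concat(claims.aud).includes(clientId)) throw new Error('aud mismatch');
  // The UserInfo sub must be the same subject as in the ID Token for this session.
  if (claims.sub !== idTokenSub) throw new Error('sub mismatch');
  return claims;
}

// Constructed inputs: one good response and three that must be rejected.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { opPublicKey: publicKey, issuer: 'https://op.example', clientId: 'rp-client-1', idTokenSub: 'user-123' };
  const claims = { iss: 'https://op.example', aud: 'rp-client-1', sub: 'user-123', name: 'Test User' };
  const attempt = (ct, body) => { try { validateUserInfo(ct, body, expected); return 'accepted'; } catch (e) { return e.message; } };
  const jwt = signUserInfo(claims, privateKey);
  const [h, , s] = jwt.split('.');
  const tampered = `${h}.${b64u(JSON.stringify({ ...claims, sub: 'user-999' }))}.${s}`;
  return {
    signed: attempt('application/jwt', jwt),
    plainJson: attempt('application/json; charset=utf-8', JSON.stringify(claims)),
    tampered: attempt('application/jwt', tampered),
    wrongSub: attempt('application/jwt', signUserInfo({ ...claims, sub: 'user-999' }, privateKey)),
  };
}
console.log(demo());
```
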