[Openid-specs-fapi] JARM: jwt.query -> query.jwt

Takahiko Kawasaki taka at authlete.com
Sun Sep 23 00:28:09 UTC 2018


The last paragraph in 4.3.1. Response Mode "query.jwt"
says as follows.

*Note: "jwt.query" MUST NOT be used in conjunction with response types that
contain "token" or "id_token" unless the response JWT is encrypted to
prevent token leakage in the URL.*

"jwt.query" in the paragraph should be corrected to "query.jwt".

Best Regards,
Takahiko Kawasaki
Authlete, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180923/05c03b52/attachment.html>

More information about the Openid-specs-fapi mailing list