[Openid-specs-fapi] JARM: jwt.query -> query.jwt
Takahiko Kawasaki
taka at authlete.com
Sun Sep 23 00:28:09 UTC 2018
Hello,
The last paragraph in 4.3.1. Response Mode "query.jwt"
<https://openid.net/specs/openid-financial-api-jarm.html#response-mode-query.jwt>
says as follows.
*Note: "jwt.query" MUST NOT be used in conjunction with response types that
contain "token" or "id_token" unless the response JWT is encrypted to
prevent token leakage in the URL.*
"jwt.query" in the paragraph should be corrected to "query.jwt".
Best Regards,
Takahiko Kawasaki
Authlete, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180923/05c03b52/attachment.html>
More information about the Openid-specs-fapi
mailing list