[Openid-specs-fapi] JARM: jwt.query -> query.jwt

Brian Campbell bcampbell at pingidentity.com
Mon Sep 24 17:53:36 UTC 2018

Good catch. Thanks!


On Sat, Sep 22, 2018 at 6:28 PM Takahiko Kawasaki via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> Hello,
> The last paragraph in 4.3.1. Response Mode "query.jwt"
> <https://openid.net/specs/openid-financial-api-jarm.html#response-mode-query.jwt>
> says as follows.
> *Note: "jwt.query" MUST NOT be used in conjunction with response types
> that contain "token" or "id_token" unless the response JWT is encrypted to
> prevent token leakage in the URL.*
> "jwt.query" in the paragraph should be corrected to "query.jwt".
> Best Regards,
> Takahiko Kawasaki
> Authlete, Inc.
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180924/be64f27f/attachment.html>

More information about the Openid-specs-fapi mailing list