[Openid-specs-fapi] Issue #322: Editorial: Section 5.2.2.2.1. Duplicate Clause? (openid/fapi)
Ralph Bragg
issues-reply at bitbucket.org
Wed Sep 30 16:35:44 UTC 2020
New issue 322: Editorial: Section 5.2.2.2.1. Duplicate Clause?
https://bitbucket.org/openid/fapi/issues/322/editorial-section-52221-duplicate-clause
Ralph Bragg:
Are both statements required in this sentence? I’ve read both of them backwards and forwards trying to see how they could be interpreted differently.
1. if returning any sensitive personally identifiable information (PII) in the ID Token in the authorization response, should sign and encrypt the ID Token;
2. if not encrypting the ID Token, should not return sensitive personally identifiable information (PII) in the ID Token in the authorization response