[Openid-specs-heart] Issue #3: "sub" in JWT (openid/heart)
issues-reply at bitbucket.org
Fri Mar 11 22:08:56 UTC 2016
New issue 3: "sub" in JWT
Do we want to require sub in all JWTs? This could be privacy-leaking since it references a person not a software component.
Either make it optional or remove reference entirely.
Either way, the example doesn't include it.
More information about the Openid-specs-heart