[Openid-specs-heart] Issue #3: "sub" in JWT (openid/heart)

Justin Richer issues-reply at bitbucket.org
Fri Mar 11 22:08:56 UTC 2016

New issue 3: "sub" in JWT

Justin Richer:

Do we want to require sub in all JWTs? This could be privacy-leaking since it references a person not a software component.

Either make it optional or remove reference entirely.

Either way, the example doesn't include it.

More information about the Openid-specs-heart mailing list