[Openid-specs-heart] Issue #3: "sub" in JWT (openid/heart)

Justin Richer issues-reply at bitbucket.org
Fri Mar 11 22:08:56 UTC 2016


New issue 3: "sub" in JWT
https://bitbucket.org/openid/heart/issues/3/sub-in-jwt

Justin Richer:

Do we want to require sub in all JWTs? This could be privacy-leaking since it references a person not a software component.

Either make it optional or remove reference entirely.

Either way, the example doesn't include it.




More information about the Openid-specs-heart mailing list