[Openid-specs-mobile-profile] Issue #79: CIBA: Client requirements for verifying id token (openid/mobile)

Dave Tonge issues-reply at bitbucket.org
Wed Aug 29 13:01:42 UTC 2018


New issue 79: CIBA: Client requirements for verifying id token
https://bitbucket.org/openid/mobile/issues/79/ciba-client-requirements-for-verifying-id

Dave Tonge:

The current text has the requirement for the OP to include `at_hash` and `auth_req_id` in the ID Token. But there is no requirement for the Client to verify these values or an explanation of what to do is the values are invalid.




More information about the Openid-specs-mobile-profile mailing list