[Openid-specs-mobile-profile] Issue #97: CIBA - Clarify privacy issues with login_hint_token and discovery service (openid/mobile)
issues-reply at bitbucket.org
Tue Oct 16 14:57:17 UTC 2018
New issue 97: CIBA - Clarify privacy issues with login_hint_token and discovery service
John brought up the point that for CIBA use cases, the user would have to give the RP an identifier to pass to the discovery service. Therefore its unlikely to bring any privacy benefits to CIBA from using an encrypted login_hint_token from a discovery service.
We should update the draft to reflect this.
More information about the Openid-specs-mobile-profile