[Openid-specs-mobile-profile] Issue #161: CIBA: id_token_hint okay to be symmetrically encrypted (openid/mobile)

b_c issues-reply at bitbucket.org
Thu Jul 11 19:00:48 UTC 2019

New issue 161: CIBA: id_token_hint okay to be symmetrically encrypted

Brian Campbell:

CIBA -02 has the below. However, if the id_token_hint was symmetrically encrypted, the client doesn’t have to decrypt it before sending to the AS/OP.

> id_token_hint
> OPTIONAL. An ID Token previously issued to the Client by the OpenID Provider being passed back as a hint to identify the end-user for whom authentication is being requested. If the ID Token received by the Client from the OP was encrypted, to use it as an id_token_hint, the client MUST decrypt the encrypted ID Token to extract the signed ID Token contained in it.


Just changing the “was encrypted” part to say “was asymmetrically encrypted” should fix it.

Responsible: Brian Campbell
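
The distinction the issue draws can be checked from the protected header of the compact token. The sketch below is an added example, not part of the original message or of the CIBA specification: it classifies an ID Token as signed-only, symmetrically encrypted or asymmetrically encrypted using the JWE `alg` values registered in RFC 7518. The function names and the sample tokens are hypothetical and constructed for illustration.

```python
import base64
import json

# JWE key-management "alg" values registered in RFC 7518 (JWA).
SYMMETRIC_ALGS = {
    "dir", "A128KW", "A192KW", "A256KW",
    "A128GCMKW", "A192GCMKW", "A256GCMKW",
    "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW",
}
ASYMMETRIC_ALGS = {
    "RSA1_5", "RSA-OAEP", "RSA-OAEP-256",
    "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW",
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _header(segment):
    # Restore the padding that base64url compact serialization strips.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def classify_id_token(token):
    """Return 'signed', 'symmetric-jwe' or 'asymmetric-jwe' for a compact token."""
    parts = token.split(".")
    if len(parts) == 3:          # compact JWS: header.payload.signature
        return "signed"
    if len(parts) != 5:          # compact JWE has exactly five segments
        raise ValueError("not a compact JWS or JWE")
    alg = _header(parts[0]).get("alg")
    if alg in SYMMETRIC_ALGS:
        return "symmetric-jwe"
    if alg in ASYMMETRIC_ALGS:
        return "asymmetric-jwe"
    raise ValueError(f"unrecognised JWE alg: {alg!r}")

def client_must_decrypt(token):
    """Hypothetical helper applying the wording proposed in the issue."""
    return classify_id_token(token) == "asymmetric-jwe"

def constructed_token(header, rest):
    """Build a structurally valid but cryptographically meaningless sample."""
    return ".".join([_b64url(json.dumps(header).encode())] + rest)

# Constructed samples: only the protected header is meaningful.
SIGNED = constructed_token({"alg": "RS256"}, ["payload", "sig"])
SYM = constructed_token({"alg": "dir", "enc": "A128CBC-HS256"}, ["", "iv", "ct", "tag"])
ASYM = constructed_token({"alg": "RSA-OAEP", "enc": "A256GCM"}, ["cek", "iv", "ct", "tag"])
```
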
