[Openid-specs-mobile-profile] Issue #161: CIBA: id_token_hint okay to be symmetrically encrypted (openid/mobile)
issues-reply at bitbucket.org
Thu Jul 11 19:00:48 UTC 2019
New issue 161: CIBA: id_token_hint okay to be symmetrically encrypted
CIBA -02 has the below. However, if the id_token_hint was symmetrically encrypted, the client doesn’t have to decrypt it before sending to the AS/OP.
> OPTIONAL. An ID Token previously issued to the Client by the OpenID Provider being passed back as a hint to identify the end-user for whom authentication is being requested. If the ID Token received by the Client from the OP was encrypted, to use it as an id_token_hint, the client MUST decrypt the encrypted ID Token to extract the signed ID Token contained in it.
Just changing the “was encrypted” part to say “was asymmetrically encrypted” should fix it.
Responsible: Brian Campbell
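
The distinction this issue draws, as an added example (not part of the original message or of the CIBA specification): a client-side check that reads the JWE header's `alg` to decide whether a stored ID Token can be passed as id_token_hint unchanged under the wording proposed here, or must be decrypted first. The function names and sample tokens are constructed for illustration.

```python
import base64
import json

# JWE key-management "alg" values from RFC 7518 section 4.1.
# Symmetric: the key is shared with the OP (derived from client_secret in
# OpenID Connect), so the OP can decrypt the token it receives back.
SYMMETRIC_ALGS = {"dir", "A128KW", "A192KW", "A256KW",
                  "A128GCMKW", "A192GCMKW", "A256GCMKW",
                  "PBES2-HS256+A128KW", "PBES2-HS384+A192KW",
                  "PBES2-HS512+A256KW"}
# Asymmetric: encrypted to the client's public key; only the client can decrypt.
ASYMMETRIC_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "ECDH-ES",
                   "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"}


def _decode_header(segment):
    """Decode the base64url JOSE header (first segment of a compact token)."""
    padded = segment + "=" * (-len(segment) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def hint_action(id_token):
    """Return 'send-as-is' or 'decrypt-first' for a compact-serialized ID Token."""
    parts = id_token.split(".")
    if len(parts) == 3:
        return "send-as-is"          # signed-only JWS, nothing to decrypt
    if len(parts) != 5:
        raise ValueError("not a compact JWS or JWE")
    alg = _decode_header(parts[0]).get("alg")
    if alg in SYMMETRIC_ALGS:
        return "send-as-is"          # the case this issue asks to permit
    if alg in ASYMMETRIC_ALGS:
        return "decrypt-first"       # extract the inner signed ID Token
    raise ValueError(f"unrecognised JWE alg: {alg!r}")


def sample_token(header, segments):
    """Constructed sample: a real header followed by filler segments."""
    head = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return ".".join([head.decode()] + ["AAAA"] * (segments - 1))


if __name__ == "__main__":
    for hdr, n in [({"alg": "RS256"}, 3),
                   ({"alg": "dir", "enc": "A128CBC-HS256"}, 5),
                   ({"alg": "RSA-OAEP", "enc": "A256GCM"}, 5)]:
        print(hdr["alg"], "->", hint_action(sample_token(hdr, n)))
```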