[Openid-specs-mobile-profile] Issue #165: nbf and jti claims in section 7.1.1. (openid/mobile)
jolivasf
issues-reply at bitbucket.org
Fri Sep 27 09:14:45 UTC 2019
New issue 165: nbf and jti claims in section 7.1.1.
https://bitbucket.org/openid/mobile/issues/165/nbf-and-jti-claims-in-section-711
Jorge Oliva:
In Section [7.1.1.](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1.1) say that “The JWT MUST also contain the following [\[RFC7519\]](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#RFC7519) registered claims:“ and then in the list nbf and jti appear, but reading the JWT specification this claims are optionals and also reading OpenId Connect Core Section 6 where describe the “Passing a Request Object by Value“ only say that claims `iss` and `aud` are mandatory if the JWT requets is signed.
The question here is, why CIBA put nbf and jti claim as mandatory?
More information about the Openid-specs-mobile-profile
mailing list