[Openid-specs-ab] Spec call notes 08-Aug-11
Johnny Bufu
jbufu at janrain.com
Wed Aug 10 18:00:31 UTC 2011
On 11-08-10 10:55 AM, Breno de Medeiros wrote:
> On Wed, Aug 10, 2011 at 10:51, Johnny Bufu <jbufu at janrain.com> wrote:
>> Why are two tokens needed (access_token and id_token)? I don't see in the
>> spec any reason that would prevent the use of just one token with both
>> introspection and userinfo endpoints.
>
> id_token is a transparent token that enables static validation and
> therefore avoids the RPCs altogether.
Both the Lite and Messages specs define it as opaque, not transparent.
Johnny