[Openid-specs-ab] Lite Draft 9
Johnny Bufu
jbufu at janrain.com
Thu Aug 25 19:24:03 UTC 2011
On 11-08-24 04:45 PM, Nat Sakimura wrote:
> That further increases the length of the id_token.
Lite/dumb clients that don't want to verify the id_token themselves
could be given a short id_token.
Full/smart clients would receive the full id_token, but they won't need
to query the check session endpoint, since they can verify it directly.
Clients could signal in the initial authorization request whether they
are lite of full through one of the OAuth parameters - response_type or
scope, whichever is more appropriate.
Johnny
More information about the Openid-specs-ab
mailing list