[Openid-specs-ab] How to handle encrypted id_token in authorization request.
Emmanuel Raviart
emmanuel at raviart.com
Sun Apr 15 11:48:46 UTC 2012
According to last draft of section "2.1.2. Authorization Request" of
"OpenID Connect Messages 1.0", the parameter id_token may be added to
authorization request:
http://openid.net/specs/openid-connect-messages-1_0.html#auth_req
But, when the id_token has been encrypted using the registered
id_token_encrypted_response_alg, the IdP will not be able to decrypt it.
How should an encrypted id_token be handled in authorization request?
Emmanuel
More information about the Openid-specs-ab
mailing list