[Openid-specs-ab] How to handle encrypted id_token in authorization request.

Nat Sakimura sakimura at gmail.com
Sun Apr 15 21:48:49 UTC 2012


When id_token is encrypted by JWE, it is typically signed and encrypted.
The client/RP should decrypt the received encrypted id_token, take out the
signed but unencrypted id_token, and send it to the authorization server.

Nat Sakimura

On Sun, Apr 15, 2012 at 1:48 PM, Emmanuel Raviart <emmanuel at raviart.com> wrote:

> According to last draft of section "2.1.2. Authorization Request" of
> "OpenID Connect Messages 1.0", the parameter id_token may be added to
> authorization request:
> http://openid.net/specs/openid-connect-messages-1_0.html#auth_req
>
> But, when the id_token has been encrypted using the registered
> id_token_encrypted_response_alg, the IdP will not be able to decrypt it.
>
> How should an encrypted id_token be handled in authorization request?
>
> Emmanuel



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
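
The handling described in the reply above, as an added example that is not part of the original thread: the RP tells the encrypted form (5-segment compact JWE) from the signed form (3-segment compact JWS), unwraps the outer layer, and puts only the signed id_token into the authorization request. The `decrypt` callable is a hypothetical stand-in for the RP's JWE library, the sample tokens and endpoint are constructed, and signature verification is not shown.

```python
import base64, json
from urllib.parse import urlencode

def _seg(obj):
    """Encode a dict as one base64url segment (used for the sample tokens)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _header(token):
    """Decode the first segment (the JOSE header) of a compact token."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def token_kind(token):
    """Compact JWS has 3 segments; compact JWE has 5 and an 'enc' header."""
    segments = token.count(".") + 1
    has_enc = "enc" in _header(token)
    if segments == 5 and has_enc:
        return "JWE"
    if segments == 3 and not has_enc:
        return "JWS"
    raise ValueError("not a compact JWS or JWE")

def signed_id_token(token, decrypt):
    """Return the signed, unencrypted id_token that the RP sends onward.

    decrypt: hypothetical callable (compact JWE -> plaintext str) wrapping
    whatever JWE implementation and private key the RP actually uses.
    """
    if token_kind(token) == "JWE":
        token = decrypt(token)  # the plaintext should be the nested signed JWT
    if token_kind(token) != "JWS":
        raise ValueError("decrypted id_token is not a signed JWT")
    if _header(token).get("alg", "none") == "none":
        raise ValueError("inner id_token carries no signature")
    return token

def authorization_request(endpoint, params, id_token, decrypt):
    """Build the request URL; the encrypted form is never forwarded."""
    query = dict(params, id_token=signed_id_token(id_token, decrypt))
    return endpoint + "?" + urlencode(query)

# Constructed sample tokens: signature, key, IV, ciphertext and tag are dummies.
INNER_JWS = ".".join([_seg({"alg": "RS256"}),
                      _seg({"iss": "https://op.example", "sub": "alice"}), "c2ln"])
OUTER_JWE = ".".join([_seg({"alg": "RSA1_5", "enc": "A128CBC-HS256", "cty": "JWT"}),
                      "a2V5", "aXY", "Y3Q", "dGFn"])
```
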