[Openid-specs-ab] Issue #867: Registration Section 2 id_token_signed_response_alg (openid/connect)
John Bradley
issues-reply at bitbucket.org
Thu Aug 15 03:31:02 UTC 2013
New issue 867: Registration Section 2 id_token_signed_response_alg
https://bitbucket.org/openid/connect/issue/867/registration-section-2
John Bradley:
Remove with the exception of "none" for valid algs. If a client requests no signature the server should be allowed to do it. For performance reasons a server only supporting the code flow might have clients register for none and avoid the RS256 signing if the clients don't need it.
The server MUST sign if the id_token is issued in the front channel, or the client has not configured itself out of band or through dynamic client registration for an alg of none.
The none parameter needs to also be allowed in discovery.
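
The signing rule proposed in the message above, sketched as an added example (not part of the original post or of any OpenID Connect implementation): the server picks the ID token alg, and the client accepts an unsigned token only when it registered for none and the token came from the token endpoint. Function names, the sample token and the fallback to RS256 for front-channel requests are assumptions.

```python
import base64
import json

# RS256 is the alg the message mentions; using it as the default is an assumption.
DEFAULT_ALG = "RS256"


def id_token_in_front_channel(response_type):
    """True when the authorization endpoint itself returns an ID token."""
    return "id_token" in response_type.split()


def signing_alg(front_channel, registered_alg):
    """Server side: alg to use for the ID token under the proposed rule."""
    must_sign = front_channel or registered_alg != "none"
    if not must_sign:
        return "none"
    # Assumption: a client registered for "none" that still receives a
    # front-channel ID token gets the default alg rather than an error.
    return DEFAULT_ALG if registered_alg in (None, "none") else registered_alg


def header_alg(jwt):
    """Read the alg from the JOSE header of a compact-serialized token."""
    seg = jwt.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    return header.get("alg")


def alg_is_expected(jwt, registered_alg, from_token_endpoint):
    """Client side: reject any alg other than the one the rule predicts.

    This only pins the algorithm; a signed token still needs its
    signature verified against the server's key.
    """
    expected = signing_alg(not from_token_endpoint, registered_alg)
    return header_alg(jwt) == expected


def make_sample_jwt(alg):
    """Constructed sample token; the signature segment is a placeholder."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    sig = "" if alg == "none" else "c2ln"
    return ".".join([enc({"alg": alg}), enc({"sub": "constructed"}), sig])
```

Pinning the expected alg on the client is what keeps an unsigned token from being accepted anywhere other than the one case the client opted into.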