[Openid-specs-ab] Is c_hash required in Basic Client Profile?
Chuck Mortimore
cmortimore at salesforce.com
Mon Aug 19 17:08:10 UTC 2013
In Messages Draft 20, we have c_hash as a required element of id_token if
the response_type=code. However, Basic 28 does not cover c_hash at all in
section 2.2 (at_hash is covered strangely enough, despite implicit not
being covered in basic)
I'm assuming this is required, and we've got a minor spec bug....?
-cmort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130819/078dc611/attachment.html>
More information about the Openid-specs-ab
mailing list