[Openid-specs-ab] Issue #1431: How to request SIOP? (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Tue Feb 8 14:58:51 UTC 2022
New issue 1431: How to request SIOP?
https://bitbucket.org/openid/connect/issues/1431/how-to-request-siop
Torsten Lodderstedt:
There is currently no way for a RP to explicitly request self-issued ID tokens, the RP also cannot request that 3rd party attested \(aka traditional\) ID tokens are issued. That basically means a RP must be able to process whatever kind of ID token is returned.
I think it would be better to let the RP specify \(1\) what it supports \(client metadata\) or \(2\) explicitly request a certain style of ID token in the request.
\(1\) the client metadata parameter `subject_type` is not completely suited since it only supports a single value. I would prefer a multi-value parameter.
\(2\) That could be done by adding another request parameter \(or another multi value attribute “type” for the `sub` claim in the claims parameter\).
More information about the Openid-specs-ab
mailing list