[Openid-specs-ab] Issue #2058: direct_post.jwt vs require_authorization_encrypted_response (openid/connect)
alen_horvat
issues-reply at bitbucket.org
Fri Sep 1 14:39:11 UTC 2023
New issue 2058: direct_post.jwt vs require_authorization_encrypted_response
https://bitbucket.org/openid/connect/issues/2058/direct_postjwt-vs
Alen Horvat:
Hi.
Would it make sense to move the value that defines whether the response must be encrypted or not into the configuration?
E.g., direct_post.jwt enables response encryption. All the encryption-related metadata is in the configuration, except whether or not the encryption is required.
A follow-up question is: would it make sense to also have a possibility to just encrypt the vp_token? (same JWE encryption approach as for the response)