[Openid-specs-ab] Issue #2181: [Core 1.0] clarification on omitted ID Token claims (openid/connect)
panva
issues-reply at bitbucket.org
Fri Jul 18 10:07:10 UTC 2025
New issue 2181: [Core 1.0] clarification on omitted ID Token claims
https://bitbucket.org/openid/connect/issues/2181/core-10-clarification-on-omitted-id-token
Filip Skokan:
Similar to [¶ 13.3. JSON Serialization](https://openid.net/specs/openid-connect-core-1_0.html#JSONSerialization) I’d like to make it clear that omitted ID Tokens claims should not be represented as JSON null values.
JSON null is a unique data type indicating an attribute is present but has no value. Every now and then a provider sticks e.g. a `"nonce": null` \(when no nonce was used for a request\) in an ID Token which immediately trips up validations that checks that when a claim is present it should be, in this example case, a string.
PR #751
More information about the Openid-specs-ab
mailing list