[Openid-specs-ab] [openid/connect] Messages/Registration preclude a client who wants encrypted content but doesn't sign? (issue #820)

Brian Campbell issues-reply at bitbucket.org
Thu Mar 28 12:05:31 UTC 2013


New issue 820: Messages/Registration preclude a client who wants encrypted content but doesn't sign?
https://bitbucket.org/openid/connect/issue/820/messages-registration-preclude-a-client

Brian Campbell:

Wouldn't it be reasonable to think that some clients would want encrypted id tokens sent to them but would not sign requests? I'd think so. But the wording for jwks_uri for clients at http://openid.net/specs/openid-connect-messages-1_0-16.html#sigenc.key would seem to preclude that (for asymmetric anyway).

Same/similar text is in http://openid.net/specs/openid-connect-registration-1_0.html#client-metadata for  jwks_uri





--

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.


More information about the Openid-specs-ab mailing list