[Openid-specs-ab] JWT claims in signed UserInfo responses

Nat Sakimura sakimura at gmail.com
Wed Nov 6 10:29:55 UTC 2013


+1 

And perhaps aud as well to prevent an accidental transfer to a third party. 
It is not a MUST but still is a good practice. 

=nat via iPhone

On Nov 6, 2013, at 1:56, "Vladimir Dzhuvinov / NimbusDS" <vladimir at nimbusds.com> wrote:

> Hi guys,
> 
> For UserInfo responses encoded as JWTs - which of the standard JWT
> claims, apart from the mandatory "sub", do you choose to include?
> 
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-12#section-4.1
> 
> It appears to me that in order for the UserInfo to be suitable for
> passing around as a JWT it should include at least the "iss" claim.
> 
> Thanks,
> 
> Vladimir
> 
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
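
An RP-side check of the claims discussed in this thread, as an added example that is not part of either message: it verifies a signed UserInfo response and then compares "iss", "aud" and "sub" against what the client expects, so a response issued for one client is refused by another. Assumptions: HS256 with one constructed key stands in for the OP's signature so the block runs on the Python standard library alone, rejecting a response that lacks "iss" or "aud" is a local policy chosen for the example (the thread calls "aud" good practice, not a MUST), and all function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """OP side: build a compact HS256 JWT (constructs the sample input)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(claims).encode())
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def check_userinfo_jwt(token, key, issuer, client_id, id_token_sub):
    """RP side: return (claims, None) if acceptable, else (None, reason)."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(unb64url(head_b64)).get("alg") != "HS256":
            return None, "unexpected alg"  # alg is pinned, not taken from the token
        mac = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, unb64url(sig_b64)):
            return None, "bad signature"
        claims = json.loads(unb64url(body_b64))
        if not isinstance(claims, dict):
            raise ValueError("claims set is not a JSON object")
    except (ValueError, AttributeError):
        return None, "malformed token"
    # Assumed local policy: a missing iss or aud is treated as a failure.
    if claims.get("iss") != issuer:
        return None, "iss missing or not the expected OP"
    aud = claims.get("aud")  # a single string or an array of strings
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return None, "aud missing or names another client"
    if claims.get("sub") != id_token_sub:
        return None, "sub differs from the ID Token"
    return claims, None

# Constructed sample values, not taken from the thread.
OP_KEY, ISSUER, SUB = b"constructed-demo-key", "https://op.example.com", "248289761001"
BASE = {"sub": SUB, "email": "jane@example.com"}
FOR_A = sign_hs256({**BASE, "iss": ISSUER, "aud": "client-a"}, OP_KEY)
NO_ISS_AUD = sign_hs256(BASE, OP_KEY)

if __name__ == "__main__":
    for rp in ("client-a", "client-b"):  # client-b is the unintended recipient
        print(rp, "FOR_A ->", check_userinfo_jwt(FOR_A, OP_KEY, ISSUER, rp, SUB)[1])
    print("client-a NO_ISS_AUD ->", check_userinfo_jwt(NO_ISS_AUD, OP_KEY, ISSUER, "client-a", SUB)[1])
```

With an asymmetric OP key any RP can verify the signature, which is the situation where the "aud" comparison is the only thing that stops a forwarded response from being accepted.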

