[OpenID-Specs-eKYC-IDA] Issue #1217: Add guidance of where the use of userinfo endpoint is optimal. (openid/ekyc-ida)
Kosuke Koiwai
issues-reply at bitbucket.org
Tue Oct 27 09:15:01 UTC 2020
New issue 1217: Add guidance of where the use of userinfo endpoint is optimal.
https://bitbucket.org/openid/ekyc-ida/issues/1217/add-guidance-of-where-the-use-of-userinfo
Kosuke Koiwai:
The following issue was raised during a discussion at OIDF-Japan WG.
Some kind of guidance over which method should be chosen to transport verified claims - ID token of userinfo - will be appreciated.
There are some IdPs in Japan already providing KYC services, and most of them are using separate API endpoints to transfer claims, not through ID tokens.
It is because they don’t usually charge money for authentication but do charge for KYC. If they transfer the claims through ID tokens, the KYC transactions will be mixed with authentication transactions, and thus it will be difficult to count and charge.
Therefore, we want a clause in the spec recommending the use of userinfo endpoint for the use case described above.
And for the same reason \(to count API usage,\) the use of “txn” should be recommended as well.
More information about the Openid-specs-ekyc-ida
mailing list