[Openid-specs-fapi] Issue #117: CIBA - Signature for successful token notification (openid/fapi)
Dave Tonge
issues-reply at bitbucket.org
Mon Jul 17 10:09:00 UTC 2017
New issue 117: CIBA - Signature for successful token notification
https://bitbucket.org/openid/fapi/issues/117/ciba-signature-for-succesful-token
Dave Tonge:
In the CIBA spec, the AS sends a payload similar to the `Successful Token Response` in OIDC. The connection is authenticated using a bearer token provided by the client.
The CIBA spec is a profile of OIDC and therefore requires an ID Token to be sent in this payload.
Should this ID Token contain an `at_hash` claim so that the client can be assured of the payload integrity?
If an `at_hash` claim is included, should there also be an `rt_hash`?
The current draft requires an `at_hash`.
Responsible: dgtonge
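
The check the question is about, as an added example that is not part of the original issue or the CIBA draft: a client confirming that the tokens in a notification payload match the hashes carried in an ID Token whose signature it has already verified. `at_hash` follows the OIDC Core rule (left half of the hash named by the ID Token's `alg`, base64url-encoded); computing `rt_hash` the same way over `refresh_token` is an assumption, and the function names and sample token values are constructed.

```python
import base64
import hashlib
import hmac

# Hash selected by the numeric suffix of the ID Token's JWS alg (RS256, PS384, ES512, ...).
_HASH_FOR_ALG = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

def left_half_hash(token: str, alg: str) -> str:
    """Base64url (unpadded) of the left-most half of the hash of the token's ASCII octets."""
    hash_fn = _HASH_FOR_ALG.get(alg[-3:])
    if hash_fn is None:
        raise ValueError(f"unsupported JWS alg for token hashing: {alg}")
    digest = hash_fn(token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")

def check_notification(payload: dict, id_token_header: dict, id_token_claims: dict) -> list:
    """Return binding failures; an empty list means every token present matches its hash.

    Assumes the caller has already verified the ID Token signature, issuer and audience.
    """
    problems = []
    alg = id_token_header["alg"]
    # rt_hash is the claim name proposed in the issue; treating it like at_hash is an assumption.
    for claim, field in (("at_hash", "access_token"), ("rt_hash", "refresh_token")):
        token = payload.get(field)
        if token is None:
            continue  # nothing to bind for this field
        expected = id_token_claims.get(claim)
        if expected is None:
            problems.append(f"{claim} missing")
        elif not hmac.compare_digest(expected, left_half_hash(token, alg)):
            problems.append(f"{claim} mismatch")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    header = {"alg": "PS256"}
    payload = {"access_token": "constructed-access-token",
               "refresh_token": "constructed-refresh-token"}
    claims = {"at_hash": left_half_hash(payload["access_token"], "PS256"),
              "rt_hash": left_half_hash(payload["refresh_token"], "PS256")}
    print(check_notification(payload, header, claims))
    # Same signed ID Token, but the access token in the payload was replaced.
    print(check_notification(dict(payload, access_token="swapped"), header, claims))
```

Without an `rt_hash` claim, the second field in the loop has nothing to compare against, so a replaced refresh token in the payload would pass unnoticed.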