[Openid-specs-fapi] Issue #130: we could be clearer about which id_token s_hash is in (openid/fapi)
issues-reply at bitbucket.org
Thu Jan 25 11:28:47 UTC 2018
New issue 130: we could be clearer about which id_token s_hash is in
The spec is arguably not clear if s_hash needs to be in the id_token returned from authorisation, or the one from the token endpoint, or both.
OIDC core explicitly allows the other hashes to be omitted in the id_token returned from the token endpoint: