[Openid-specs-fapi] Issue #130: we could be clearer about which id_token s_hash is in (openid/fapi)
Joseph Heenan
issues-reply at bitbucket.org
Thu Jan 25 11:28:47 UTC 2018
New issue 130: we could be clearer about which id_token s_hash is in
https://bitbucket.org/openid/fapi/issues/130/we-could-be-clearer-about-which-id_token
Joseph Heenan:
The spec is arguably not clear if s_hash needs to be in the id_token returned from authorisation, or the one from the token endpoint, or both.
OIDC core explicitly allows the other hashes to be omitted in the id_token returned from the token endpoint:
https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken2