[Openid-specs-fapi] Issue #150: Mandate at_hash check in the ID Token from the token endpoint (openid/fapi)

Nat Sakimura issues-reply at bitbucket.org
Wed Jul 4 07:55:27 UTC 2018


New issue 150: Mandate at_hash check in the ID Token from the token endpoint
https://bitbucket.org/openid/fapi/issues/150/mandate-at_hash-check-in-the-id-token-from

Nat Sakimura:

In OIDC, `at_hash` is optional. 

Our intention is to protect all the messages so we need to mandate it to be included and the check to be performed.

Responsible: Nat


More information about the Openid-specs-fapi mailing list