[Openid-specs-fapi] Issue #192: JARM: Default JWS alg for authorization_signed_response_alg needs reconsidering (openid/fapi)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Nov 13 13:14:41 UTC 2018


New issue 192: JARM: Default JWS alg for authorization_signed_response_alg needs reconsidering
https://bitbucket.org/openid/fapi/issues/192/jarm-default-jws-alg-for

Vladimir Dzhuvinov:

It's nice to have a sensible default JWS alg (RS256) for JARM, however in the absence of another parameter to signal a client's intent to register for JARM, clients that don't want it will also end up getting registered for JARM.

My suggestion to register the client for regular authZ responses when the parameter is omitted.




More information about the Openid-specs-fapi mailing list