[Openid-specs-fapi] Issue #181: Userinfo response should be a JWT. OPs should support UserInfo JWT response (openid/fapi)
issues-reply at bitbucket.org
Sat Oct 13 15:38:04 UTC 2018
New issue 181: Userinfo response should be a JWT. OPs should support UserInfo JWT response
OpenID Connect Core details how the UserInfo endpoint responses can be provided as either a JSON payload or a JWT, depending on the Accept headers on the GET request.
If a FAPI profile is being used to provide Identity Information then OPs should certainly be providing the UserInfo endpoint as a signed JWT.
Suggest adding this to the next implementors draft.