[Openid-specs-fapi] JARM: jwt.query -> query.jwt
Brian Campbell
bcampbell at pingidentity.com
Mon Sep 24 17:53:36 UTC 2018
Good catch. Thanks!
https://bitbucket.org/openid/fapi/pull-requests/77/jarm-jwtquery-queryjwt/diff
On Sat, Sep 22, 2018 at 6:28 PM Takahiko Kawasaki via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:
> Hello,
>
> The last paragraph in 4.3.1. Response Mode "query.jwt"
> <https://openid.net/specs/openid-financial-api-jarm.html#response-mode-query.jwt>
> says as follows.
>
> *Note: "jwt.query" MUST NOT be used in conjunction with response types
> that contain "token" or "id_token" unless the response JWT is encrypted to
> prevent token leakage in the URL.*
>
>
> "jwt.query" in the paragraph should be corrected to "query.jwt".
>
> Best Regards,
> Takahiko Kawasaki
> Authlete, Inc.
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180924/be64f27f/attachment.html>
More information about the Openid-specs-fapi
mailing list