openid / connect / issues / #520 - Messages 2.1.2.1 - Why is OpenID Request Object a JWT? — Bitbucket

Issue #520 invalid

Michael Jones created an issue 2012-01-19

Yaron Goland writes: "Why the heck is the request a JWT?!?? Why isn't it just plain JSON? Why make people go through all the base 64, multi-part overhead just to send a few optional parameters? This seems nuts."

Comments (2)

John Bradley
You have to base64 encode it anyway to pass it as a parameter. JWT is the standard way to do that. You can use a signing algorithm of none.
- 2012-01-19T23:03:53+00:00
Michael Jones reporter
- changed status to invalid
Closing as invalid on the basis of John's comments above. It's also not clear to us what the proposed alternative would look like.
- 2012-01-20T00:20:09+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!