ncompatible values for auth_time in id_token claims of request object
Issue #611
resolved
In "OpenID Connect Messages 1.0 - draft 12", section "2.1.1.1.2. "id_token" member" states that the auth_time value in id_token claims should be null when auth_time is required in id_token.
This is incompatible with example in "2.1.2.1. OpenID Request Object", that has the value "{"essential": true}" for auth_time.
Comments (5)
-
-
-
assigned issue to
- changed status to open
-
assigned issue to
-
- changed status to new
-
- edited description
-
- changed status to resolved
Fixed
#611- Messages - Changed the default test to indicate that the value of auth_time needs to be essential - Log in to comment
The default was changed to essential: false from required: true.
sending null is now interpreted as optional, the text needs to change, the example is correct.