1. Nat Sakimura
  2. connect
  3. Issues
Issue #227 resolved

Messages 6.2 signed response and server check (Editorial)

Casper Biering
created an issue

1) The response cannot be signed, only id_token.

2) Spec says "Check that the OP that responded was really the intended OP through a TLS/SSL server certificate check."

Authorization Response is not a server-side request.