openid / connect / issues / #507 - Registration - 2.1 possibly missing require_encrypted_request_object parameter — Bitbucket

Issue #507 invalid

Edmund Jay created an issue 2012-01-11

The Discovery spec can discover the supported signature and encryption algorithms of the request object for the Authorization server, but the Registration spec has not have a corresponding parameter to register the encryption algorithm preferences for the request object like the userinfo and id token.

Comments (2)

John Bradley
- assigned issue to
  
  John Bradley
- 2012-01-16T21:59:54+00:00
John Bradley
- changed status to invalid
If the server is not accepting unsigned requests, then the client is free to encrypt or not encrypt under it's control. Adding require encrypted request object won't add any security.

Invalid
- 2012-01-16T22:02:36+00:00
Log in to comment

Assignee: John Bradley

Type: bug

Priority: major

Status: invalid

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!