Messages 2.1.2.1 - Why is OpenID Request Object a JWT?
Issue #520
invalid
Yaron Goland writes: "Why the heck is the request a JWT?!?? Why isn't it just plain JSON? Why make people go through all the base 64, multi-part overhead just to send a few optional parameters? This seems nuts."
Comments (2)
-
-
reporter - changed status to invalid
Closing as invalid on the basis of John's comments above. It's also not clear to us what the proposed alternative would look like.
- Log in to comment
You have to base64 encode it anyway to pass it as a parameter. JWT is the standard way to do that. You can use a signing algorithm of none.