- edited description
Messages - new response_type = id_token userinfo
In a scenario like IdP on a smartphone, user info access happens in the front channel, which results in a extra redirect dance, creating bad user experience, We can avoid it by having userinfo token returned with id_token. This is in line with what Microsoft requested in a different context, so it warrants valid use case that we may want to incorporate.
This would mean new response type
- id_token userinfo
- token id_token userinfo
- code id_token userinfo
Comments (7)
-
reporter -
- changed status to open
Doing this would satisfy issue
#281Obtaining claims without requiring additional round trips -
reporter -
assigned issue to
instead of response_type including 'userinfo' for separate token, use scope to request flat id_token that includes userinfo response.
This is conditional on the evaluation of session management.
Exact scope name to indicate the flat id_token request is to be determined by editors group.
-
assigned issue to
-
reporter Nothing of importance was noted during the session management editing spec, so we should proceed.
Scope name is TBD.
-
reporter claims_in_id_token as the scope name.
-
reporter Issue
#281was marked as a duplicate of this issue. -
reporter - changed status to resolved
Fix
#561. Added scope value claims_in_id_token as a switch to indicate claims shoudl go into id_token - Log in to comment