Messages - Request ID Token and Response ID Token

Issue #608 resolved
Nat Sakimura created an issue

Until recently, we only had the ID Token in the response, so the current write-up was OK. Now we have id_token as a request parameter as well, and we should add an explanation about it early on. Though we explain the ID Token in 2.1.1, we have to wait until 2.1.2.1.3 to find it out.

For the authors it may be clear, as we know the structure of the spec pretty well, but for the general reader it probably is not. It should clarify it and at least put a forward reference from 2.1.1 to 2.1.2.1.

Also, it is unclear how to request the authentication of a particular user when the RP has never received an ID Token for that user yet. My take is that we create an id_token-looking one using user input etc., e.g.:

    the header is { "type":"JWT" }
    the body is { "email":"alice@example.com", "acr":"1" } OR { "xri":"=nat" } etc.

and send it as the id_token parameter value in the authentication request.

We have not documented it, so we should.
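As an added illustration of the proposal above (example code written for this page, not code from the issue or from the OpenID Connect spec), the following builds an unsigned, id_token-shaped JWT from RP-supplied claims, places it in the id_token parameter of an authentication request, and shows how the receiving side would get the claims back out. Assumptions: the header uses the registered JWT name `typ` (the issue text writes `type`) together with `alg: none`, the signature segment is left empty because the RP holds no issuer-signed token for this user, and the endpoint, client_id, redirect_uri and state values are placeholders.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit


def _b64url(data):
    """Base64url without '=' padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment):
    """Inverse of _b64url: restore padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_id_token_hint(claims):
    """Serialise RP-supplied claims as an unsigned, id_token-shaped compact JWT.

    Assumption: header carries 'typ' (registered JWT name; the issue writes
    'type') and 'alg': 'none'. The third (signature) segment is empty, since
    the RP has never received an issuer-signed ID Token for this user.
    """
    header = {"typ": "JWT", "alg": "none"}

    def enc(obj):
        return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())

    return "%s.%s." % (enc(header), enc(claims))


def parse_unsigned_jwt(token):
    """Split a compact JWT into (header, claims) without verifying anything.

    Only an explicitly unsigned hint is accepted here; anything else is
    rejected rather than silently treated as trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWT has exactly three segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    if header.get("alg") != "none" or parts[2] != "":
        raise ValueError("expected an unsigned id_token hint")
    return header, claims


def build_authentication_request(authorization_endpoint, client_id,
                                 redirect_uri, state, hint_claims):
    """Authentication request URL with the hint in the id_token parameter.

    Parameter names other than id_token follow OAuth 2.0; the endpoint and
    identifiers are placeholders supplied by the caller.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "id_token": build_id_token_hint(hint_claims),
    }
    return authorization_endpoint + "?" + urlencode(params)


def hint_from_authentication_request(url):
    """What the OP side sees: recover the hinted claims from the request URL."""
    query = parse_qs(urlsplit(url).query)
    _, claims = parse_unsigned_jwt(query["id_token"][0])
    return claims


if __name__ == "__main__":
    # Constructed sample input mirroring the issue's examples.
    url = build_authentication_request(
        "https://op.example.com/authorize", "client-1",
        "https://rp.example.com/cb", "state-123",
        {"email": "alice@example.com", "acr": "1"})
    print(url)
    print(hint_from_authentication_request(url))
```

Because the token is unsigned, the OP can use its claims only to select which user to authenticate (and with which acr); it must not treat them as an authenticated identity, and any ID Token it returns still has to be issued and signed by the OP itself.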

Comments (8)

  1. Michael Jones

    We will move the ID Token definition to earlier in the spec. Hopefully this might make the section hierarchy less deep as well.

    We also discussed Blaine's request to authenticate a user with a specific identifier. This would likely be the identifier that discovery was done on. We're not currently passing this to the IdP. This is a different issue than #608. We need a new bug and a proposal - Nat will do. One idea was to add a "value": qualifier to the e-mail request, but this isn't an actual semantic match. Nat will check that the "value": language is general-purpose.
