Add example for verified_claims included in access token

Issue #1214 new
Kai Lehmann created an issue

In section verified_claims delivery it is mentioned, that verified_claims can be included in the access token. We should add an example for this. OIDCC does allow to return claims in the ID token as well as the user info endpoint. The concept of having this inside of the access token is specific to eKYCC and should thus be exemplified.

Comments (3)

  1. Kai Lehmann reporter

    Also … not sure if this would mandate another ticket … the last part of the sentence is confusing: “OAuth Authorization Servers can add verified_claims to access tokens in JWT format or Token Introspection responses, either in plain JSON or JWT-protected format.” JWT is not a protection per se. It’s just a format. A JWT could be unsigned.

  2. Log in to comment