openid / ekyc-ida / issues / #1214 - Add example for verified_claims included in access token — Bitbucket

Issue #1214 resolved

Kai Lehmann created an issue 2020-10-22

In section verified_claims delivery it is mentioned, that verified_claims can be included in the access token. We should add an example for this. OIDCC does allow to return claims in the ID token as well as the user info endpoint. The concept of having this inside of the access token is specific to eKYCC and should thus be exemplified.

Comments (4)

Kai Lehmann reporter
Also … not sure if this would mandate another ticket … the last part of the sentence is confusing: “OAuth Authorization Servers can add verified_claims to access tokens in JWT format or Token Introspection responses, either in plain JSON or JWT-protected format.” JWT is not a protection per se. It’s just a format. A JWT could be unsigned.
- 2020-10-22T13:35:53+00:00
Vladimir Dzhuvinov
Re access token example: my suggestion is to base it on the JWT profile developed at the OAuth WG, which is approaching completion:

https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-10
- 2020-10-27T15:02:35+00:00
Kai Lehmann reporter
- assigned issue to
  
  Kai Lehmann
- 2021-02-03T14:21:03+00:00
Kai Lehmann reporter
- changed status to resolved
Addressed with PR#85
- 2021-10-28T13:06:27+00:00
Log in to comment

Assignee: Kai Lehmann

Type: task

Priority: minor

Status: resolved

Component: Core eKYC&IDA

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!