FAPI-RW ID2 needs some further tweaks for JARM

Issue #221 resolved
Joseph Heenan created an issue

FAPI-RW ID2 contains a few clauses that don't appear to be excluded when using JARM but don't make sense when JARM is being used:

  • 5.2.2-8 requires the AS support signed id_tokens

  • public/confidential clients "shall require JWS signed ID Token be returned from endpoints;"

Neither clause is obviously called out as one to ignore in "5.2.5. JWT Secured Authorization Response Mode"

Comments (8)

  1. Torsten Lodderstedt

    I added all the clauses I think can/must be omitted when using JARM from 5.2.2, 5.2.4 and 5.2.4.
