FAPI CIBA and ID Tokens
Issue #229
open
We discussed on the call today whether we need ID Tokens in the FAPI profile of CIBA.
They are not needed as a detached signature and so perhaps we should remove the need for them.
The core spec leaves an option open for CIBA to be used without the openid scope, but it would require us to specify some behaviour that is currently inferred or defined in OpenID Connect core (e.g. id_token_hint, etc.)
Comments (5)
-
reporter
-
- changed milestone to 2nd Implementers Draft
I can agree with that; I’ve tagged it as so, others are free to indicate their disagreement. Thanks Dave.
-
Agreed on call it was fine to defer this.
-
- changed status to open
@Dave Tonge , perhaps we should address this ticket now?
CIBA Core requires “openid” scope.
-
To be discussed.
- Log in to comment
- Assignee
- Type
- Priority
- Status
- open
- Component
- CIBA
- Milestone
- 2nd Implementers Draft
- Votes
- 0
- Watchers
- 4
@Joseph Heenan my suggestion with this one is to defer it to a later draft.
It think it would be quite a bit of work to remove the ID Token requirement now.