CIBA: encryption of backchannel authentication request

Issue #105 resolved
Takahiko Kawasaki created an issue

Is there any plan to support encryption of backchannel authentication request JWT?

If encryption does not have to be supported, it would be kind to mention it (from an implementer's point of view).

If encryption should be supported, it should be mentioned and new client metadata would be necessary.

Comments (6)

  1. Brian Campbell

    Agree that JWE encryption of the backchannel authentication request shouldn't be supported.

    And I feel like the wording in section 7.1.1. that is specifically named "Signed Authentication Request" is pretty clear that it's just JWS signed authentication requests and not encrypted requests. But if folks really feel it needs to be mentioned explicitly, we could add a sentence to 7.1.1..

  2. Brian Campbell

    pull request #30 would add a note to the end of the "Signed Authentication Request" section saying that encryption isn't supported

  3. Brian Campbell

    merged pull requests #30, which notes in the Signed Authentication Request section that encrypted JWT authentication requests are not supported

  4. Log in to comment