CIBA: encryption of backchannel authentication request

Issue #105 resolved
Takahiko Kawasaki
created an issue

Is there any plan to support encryption of backchannel authentication request JWT?

If encryption does not have to be supported, it would be kind to mention it (from an implementer's point of view).

If encryption should be supported, it should be mentioned and new client metadata would be necessary.

Comments (6)

  1. Brian Campbell

    Agree that JWE encryption of the backchannel authentication request shouldn't be supported.

    And I feel like the wording in section 7.1.1. that is specifically named "Signed Authentication Request" is pretty clear that it's just JWS signed authentication requests and not encrypted requests. But if folks really feel it needs to be mentioned explicitly, we could add a sentence to 7.1.1..

  2. Log in to comment