CIBA: encryption of backchannel authentication request
Is there any plan to support encryption of backchannel authentication request JWT?
If encryption does not have to be supported, it would be kind to mention it (from an implementer's point of view).
If encryption should be supported, it should be mentioned and new client metadata would be necessary.
Comments (6)
-
-
- changed component to CIBA
- changed milestone to CIBA Implementer's Draft
-
Agree that JWE encryption of the backchannel authentication request shouldn't be supported.
And I feel like the wording in section 7.1.1. that is specifically named "Signed Authentication Request" is pretty clear that it's just JWS signed authentication requests and not encrypted requests. But if folks really feel it needs to be mentioned explicitly, we could add a sentence to 7.1.1..
-
-
assigned issue to
-
assigned issue to
-
pull request
#30would add a note to the end of the "Signed Authentication Request" section saying that encryption isn't supported -
- changed status to resolved
merged pull requests
#30, which notes in the Signed Authentication Request section that encrypted JWT authentication requests are not supported - Log in to comment
I don't think we should support it - but we can discuss on the call today.