CIBA: rt_hash
In the page 21 of the 6th draft (draft-mobile-client-initiated-backchannel-authentication-06), urn:openid:params:jwt:claim:rt_hash
is defined. If possible, giving a shorter name, rt_hash
, would be better, considering similarity to at_hash
(OIDC Core), c_hash
(OIDC Core) and s_hash
(FAPI Part 2).
Comments (8)
-
-
please see Issue
#93 -
-
assigned issue to
-
assigned issue to
-
The IANA expert mentioned in
#93is usually right, although in the past we most of the time moved from long strings to just something short. Ages ago we had schema.org url for attribute names, today we have just e.g. 'email'.Maybe ask the expert again whether rt_hash needs IANA blessings.
Shorter is better.
-
In the spirit of full disclosure, I am one of the 'designated experts' for the JWT claims registry and
#93was written with that perspective. -
During the Nov 13 MODRNA WG call there was general consensus to keep the public claim names. But to also add a bit of explanatory text, maybe in the IANA section.
-
pull request
#50adds a JWT claims subsection to the IANA considerations explaining why no claims registration is requested and why collision resistant public names were used for the refresh token hash and auth_req_id -
- changed status to resolved
Pull request merged
- Log in to comment
I agree. Let's make it rt_hash