CIBA: id_token_hint okay to be symmetrically encrypted
CIBA -02 has the below. However, if the id_token_hint was symmetrically encrypted, the client doesn’t have to decrypt it before sending to the AS/OP.
id_token_hint
OPTIONAL. An ID Token previously issued to the Client by the OpenID Provider being passed back as a hint to identify the end-user for whom authentication is being requested. If the ID Token received by the Client from the OP was encrypted, to use it as an id_token_hint, the client MUST decrypt the encrypted ID Token to extract the signed ID Token contained in it.
Just changing the “was encrypted” part to say “was asymmetrically encrypted” should fix it.
Comments (4)
- reporter -
- reporter - changed component to CIBA
- reporter - changed status to resolved
  fixing #161
  Merged in b_c/modrna-fork/i161 (pull request #65)
  Clarify that only an asymmetrically encrypted id_token_hint needs to be decrypted for issue #161
  → <<cset aebe1f1ed69b>>
- reporter fixing #161
  Merged in b_c/modrna-fork/i161 (pull request #65)
  Clarify that only an asymmetrically encrypted id_token_hint needs to be decrypted for issue #161
  → <<cset aebe1f1ed69b>>
Pull Request #65 has proposed changes for this