-
assigned issue to
CIBA: Client requirements for verifying id token
Issue #79
resolved
The current text has the requirement for the OP to include at_hash
and auth_req_id
in the ID Token. But there is no requirement for the Client to verify these values or an explanation of what to do is the values are invalid.
Comments (3)
-
reporter -
reporter -
- changed status to resolved
merged pull request
#20 - Log in to comment