Hi All,

According to [1], when we generate an OIDC ID Token, the at_hash value should be included only for the Authorization Code grant type. According to the current implementation, the at_hash value is included in both Authorization Code grant type generated ID Tokens and Implicit grant type generated ID Tokens. Shall we remove the at_hash value from Implicit grant type generated ID Tokens?

WDYT?

[1] http://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
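For reference, an added example that is not part of the original message or of WSO2's code: how a relying party derives and checks the at_hash claim as OpenID Connect Core defines it (hash the access token with the hash function of the ID Token's `alg`, keep the left half, base64url-encode without padding). The function names, the `required` parameter and the sample token are assumptions made for illustration; whether the claim must be present depends on the flow, so the caller passes that in.

```python
import base64
import hashlib
import hmac

# The hash function follows the size suffix of the ID Token's JOSE "alg" header
# (RS256 -> SHA-256, ES384 -> SHA-384, HS512 -> SHA-512).
_HASH_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def compute_at_hash(access_token: str, alg: str) -> str:
    """Left-most half of hash(ASCII access token), base64url without padding."""
    try:
        hash_fn = _HASH_BY_SUFFIX[alg[-3:]]
    except KeyError:
        # Covers "none" and algorithms whose name does not carry a hash size.
        raise ValueError(f"no at_hash rule in this example for alg {alg!r}")
    digest = hash_fn(access_token.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def check_at_hash(claims: dict, alg: str, access_token, required: bool) -> bool:
    """Return True when the ID Token's at_hash is acceptable for this response.

    required -- hypothetical policy flag: does the caller's flow demand at_hash?
    """
    claimed = claims.get("at_hash")
    if claimed is None:
        return not required          # absent claim is fine only when optional
    if not isinstance(claimed, str) or access_token is None:
        return False                 # malformed claim, or nothing to bind it to
    expected = compute_at_hash(access_token, alg)
    # Constant-time comparison; both sides are compared as bytes.
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


# Constructed sample values, not taken from any real deployment.
SAMPLE_TOKEN = "constructed-sample-access-token"
SAMPLE_CLAIMS = {"sub": "user-1", "at_hash": compute_at_hash(SAMPLE_TOKEN, "RS256")}

if __name__ == "__main__":
    print(check_at_hash(SAMPLE_CLAIMS, "RS256", SAMPLE_TOKEN, required=True))
    print(check_at_hash(SAMPLE_CLAIMS, "RS256", SAMPLE_TOKEN + "x", required=True))
    print(check_at_hash({"sub": "user-1"}, "RS256", SAMPLE_TOKEN, required=False))
```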
