On Mon, Nov 16, 2020, 12:56 PM Yasas Ramanayake (Intern) <[email protected]> wrote:
> Hi all,
>
> I'm in the process of fixing issue [1]
> In our current implementation auth_time claim is sent in the ID token only
> if it's requested by the client as an essential claim or when a max_age
> request is made. However in one of the OIDC conformance suite test cases
> they expect the ID token to have auth_time even without explicitly
> requesting for it. Sending auth_time is optional according to specification
> [2].
>
> We can consider this as an improvement to our implementation and add the
> auth_time by default to the id_token. Please share if you have any
> concerns/suggestions regarding this.
>
> [1] https://github.com/wso2/product-is/issues/10391
> [2] https://openid.net/specs/openid-connect-core-1_0.html#IDToken
>
> Regards,
> --
> Yasas Ramanayake | Intern - Engineering | WSO2 Inc.
> (m) +94717380767 | (w) +94115712082 | (e) [email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
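The rule discussed in the mail above, as an added example that is not part of the original message or of WSO2's code: it decides when OIDC Core makes auth_time required (a max_age request or an essential-claim request), builds the claims under the current and the proposed policy, and shows the matching relying-party check. All function names, the sample requests, the one-hour expiry and the 60-second skew are assumptions made for the illustration.

```python
import json

# Constructed sample authorization-request parameters (not from the thread).
SAMPLE_PLAIN = {"scope": "openid"}
SAMPLE_ESSENTIAL = {"scope": "openid",
                    "claims": '{"id_token": {"auth_time": {"essential": true}}}'}
SAMPLE_MAX_AGE = {"scope": "openid", "max_age": "300"}

def auth_time_required(params):
    """True when the request makes auth_time REQUIRED in the ID token:
    a max_age parameter, or auth_time requested as an essential claim."""
    if "max_age" in params:
        return True
    requested = json.loads(params.get("claims", "{}"))
    entry = (requested.get("id_token") or {}).get("auth_time")
    # A null entry means "voluntary"; only {"essential": true} forces it.
    return isinstance(entry, dict) and entry.get("essential") is True

def id_token_claims(params, session_auth_time, now, always_include=False):
    """Hypothetical provider-side helper.
    always_include=False models the behaviour described in the mail,
    always_include=True models the proposed default."""
    claims = {"iat": now, "exp": now + 3600}  # assumed one-hour lifetime
    if always_include or auth_time_required(params):
        claims["auth_time"] = session_auth_time
    return claims

def check_auth_time(claims, params, now, skew=60):
    """Relying-party check: reject a token that lacks a required auth_time
    or whose authentication is older than max_age (plus assumed skew)."""
    if auth_time_required(params) and "auth_time" not in claims:
        return "missing auth_time"
    if "max_age" in params and "auth_time" in claims:
        if now - claims["auth_time"] > int(params["max_age"]) + skew:
            return "authentication too old"
    return "ok"

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    for name, req in [("plain", SAMPLE_PLAIN), ("essential", SAMPLE_ESSENTIAL),
                      ("max_age", SAMPLE_MAX_AGE)]:
        current = id_token_claims(req, now - 100, now)
        proposed = id_token_claims(req, now - 100, now, always_include=True)
        print(name, "auth_time" in current, "auth_time" in proposed,
              check_auth_time(proposed, req, now))
```

Only the plain request changes between the two policies, which is the case the conformance test in the mail exercises.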
