...
- Welcome
- Please add or remove yourself from the attendees list
Issues and PRs. Priority discussions (most active issues and/or dependencies for release v0.2):
- new issue "SP supporting CIBA with two IDPs: B2B/B2C" #141
- issue More than one "purpose" in an authorization request. #140
- issue Clarify role and usage of id token #136
- issue Clarification needed for login_hint, login_hint_token and id_token_hint #133
- issue Proposal to define a strict value for aud claim in the private_key_jwt #127
- PR Camara OIDC profile #121
- How to handle the absence of the
openid
scope in the authorize request - Valid values for
aud
claim in client assertions: Issue #127 - Which error to return, if the user has revoked consent.
- Purpose
- How to handle the absence of the
- YAML file for OIDC endpoints: propose to add to ICM repository
AoB
Welcome
Discussion on issue "SP supporting CIBA with two IDPs: B2B/B2C" #141
...
elisabeth.mueller@ericsson.com
Axel: We see that there might be UX issues if a clients needs to ask for multiple purposes but we got no business requirement from anybody.
After a long discussion we seem agree that the keep the basic idea to have a request-parameter `purpose`.
Axel proposed a wording change:
Discussion on issue "Clarify role and usage of id token #136"
...
Discussion on "Proposal to define a strict value for aud claim in the private_key_jwt #127"
Propose to only allow a single value for aud claim and the aud claim value has to be the endpoint of the API invocation.
Discussion on "Camara OIDC profile #121"
...