> On 06.01.2020 at 23:50, John Bradley <ve7...@ve7jtb.com> wrote:
>
> A client could duplicate those outside the request object for some sort of
> backwards compatibility but they will be ignored.
>

Is this used for backward compatibility with the OIDC servers?

> What we have lost is the merge capability. There are some use cases that
> could use that to have a presigned object that some parameters like state are
> outside.
>

Is this option used in the wild? As far as I understand, the main use case is a 3rd party signing the request object, that way entitling the client for something. I'm asking since in my experience any kind of entitlement by a 3rd party is handled behind the scenes using registries.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth