Hi, Did you consider using the (already IANA registered) at_hash claim defined in: https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken instead of defining a new ath claim?
It seems like if we don't use at_hash we should explain why ath is better/different. Thanks, -rohan
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
