[mitreid-connect] OpenID Token

Yannick Béot yannick.beot at gmail.com
Thu Nov 6 00:38:39 EST 2014


Hi,

To my understanding, in MITREid connect's implementation, openid does not
contain any claims on the subject except "sub".
So the client application has to query the userinfo to get some basic info
such as firstname, lastname, etc.

JWT can be extended and therefore should be able to contain profile
information.

I guess we want the idtoken super light, but having this additional round
trip to query the userinfo adds delay and complexity. For instance, in an
implicit flow, wouldn't we have to put CORS in place because of this
userinfo?

Shouldn't MITREid connect allow extending the idtoken?
What do you think?

Best regards,

Yannick Beot
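
The round trip raised in the message above, as an added example that is not part of the original post and is not MITREid Connect code: a client reads the claims of an ID token that carries only "sub", calls userinfo, and checks the userinfo "sub" against the ID token before using the profile. The function names, the claim list and the sample data are assumptions made for illustration; Buffer is used so the block runs under Node.

```javascript
// Added example; PROFILE_CLAIMS and the function names are illustrative.
const PROFILE_CLAIMS = ["given_name", "family_name", "email"];

// Decode the payload of a compact JWT. This does NOT verify anything: it
// assumes signature, iss, aud and exp were already validated by the client.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Profile claims the ID token lacks, i.e. the reason for the extra round trip.
function missingProfileClaims(idClaims) {
  return PROFILE_CLAIMS.filter((c) => !(c in idClaims));
}

// The userinfo call itself. In a browser the Authorization header makes this
// a non-simple cross-origin request, so the provider must answer the CORS
// preflight. The endpoint URL comes from the provider's configuration.
async function fetchUserInfo(endpoint, accessToken) {
  const res = await fetch(endpoint, {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  if (!res.ok) throw new Error(`userinfo request failed: ${res.status}`);
  return res.json();
}

// Merge userinfo into the ID token claims. OpenID Connect Core 5.3.2 requires
// the userinfo "sub" to match the ID token "sub"; otherwise discard it.
function mergeUserInfo(idClaims, userInfo) {
  if (typeof userInfo.sub !== "string" || userInfo.sub !== idClaims.sub) {
    throw new Error("userinfo sub does not match ID token sub");
  }
  const profile = { sub: idClaims.sub };
  for (const c of PROFILE_CLAIMS) {
    // Claims from the signed ID token take precedence over userinfo.
    if (c in idClaims) profile[c] = idClaims[c];
    else if (c in userInfo) profile[c] = userInfo[c];
  }
  return profile;
}

// Constructed sample data (not from a real provider).
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_ID_TOKEN = [enc({ alg: "RS256" }),
  enc({ iss: "https://idp.example/", sub: "user-1", aud: "client" }), "sig"].join(".");
const SAMPLE_USERINFO = { sub: "user-1", given_name: "Jane", family_name: "Doe" };
```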