Closed ajmcmiddlin closed 5 years ago
§12 of the specification contains an example in which cdr_consent_id is an essential claim in both the id_token and userinfo claims. Is this correct? It seems redundant as I would expect cdr_consent_id to only appear in the id_token claim.
cdr_consent_id
id_token
userinfo
Yeah it needs to be in both as they control what is in the UserInfo response versus what goes in the ID Token (from the Token Endpoint)
§12 of the specification contains an example in which
cdr_consent_id
is an essential claim in both theid_token
anduserinfo
claims. Is this correct? It seems redundant as I would expectcdr_consent_id
to only appear in theid_token
claim.