Closed jogu closed 1 year ago
Ah, https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1.1 in the upstream spec makes it clear that login_hint is a string. So it might be better to have this login hint specified as just "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated".
The Brazil CIBA spec doesn't appear to define how the login_hint, e.g.:
{ "format": "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated" }
is passed in the signed request object. It should explicitly state if it is a string or JSON object. An example should probably also be added.
See https://bitbucket.org/openid/mobile/issues/208/types-of-several-values-in-authentication too as the upstream spec could possibly be more explicit.
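Added example, not part of the issue or of either spec: a type check an authorization server or conformance test could run on the `login_hint` claim of a CIBA signed request object, distinguishing the encodings the issue asks the spec to choose between. The function names, the `PS256` header and the sample request objects are constructed for illustration, and signature verification is assumed to have happened before this check.

```python
import base64
import json

# URN quoted in the issue above.
URN = "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_request_object(claims: dict) -> str:
    """Constructed sample: JWS compact layout with a placeholder signature."""
    header = {"alg": "PS256"}
    return ".".join([
        b64url(json.dumps(header).encode()),
        b64url(json.dumps(claims).encode()),
        b64url(b"placeholder-signature"),
    ])


def classify_login_hint(request_object: str) -> str:
    """Report how login_hint is encoded in the request object payload.

    Assumes the signature was already verified; only claim types are inspected.
    """
    parts = request_object.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    if "login_hint" not in payload:
        return "missing"
    hint = payload["login_hint"]
    if isinstance(hint, dict):
        return "json-object"      # not a string, so at odds with CIBA Core 7.1.1
    if not isinstance(hint, str):
        return "invalid-type"
    try:
        inner = json.loads(hint)  # a string that itself carries serialized JSON
    except ValueError:
        return "plain-string"
    return "json-in-string" if isinstance(inner, dict) else "plain-string"
```

A receiver that accepts only one of these encodings can reject the others with an explicit error rather than coercing them.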