Open marcusalmgren opened 1 year ago
The document https://github.com/OpenBanking-Brasil/specs-seguranca/blob/main/open-banking-brasil-financial-api-1_ID3.md says that the Authorization server "must refuse authentication requests that include an id_token_hint", and that clause should perhaps be rephrased to exclude the CIBA backchannel request to avoid possible conflicting statements.
That’s correct, this phrase conflicts with 5.2.2.1, it's reasonable to remove the item 21 from the 5.2.2.
The document https://github.com/OpenBanking-Brasil/specs-seguranca/blob/main/open-banking-brasil-financial-api-1_ID3.md says that the Authorization server "must refuse authentication requests that include an id_token_hint", and that clause should perhaps be rephrased to exclude the CIBA backchannel request to avoid possible conflicting statements.