carmenlau
commented
4 years ago We also mention we support Authorization Server Metadata
Updated. I defined some of the metadata values, see if it looks good, specially the claims_supported.
The ID token must be signed. I guess we will have a per app key pair to sign ID token?
I added a section for id token signing, not sure if it is a good idea to store the keys in app config. If it is not good, I think we can store it in TenantConfiguration level. But controller may needs to add apis to manage the keys. Open to discuss.
louischan-oursky
Rendered Document