Closed nabokihms closed 1 month ago
nabokihms
commented
11 months ago This is from the Rfc 8414 https://www.rfc-editor.org/rfc/rfc8414.html (missed that this is not a part of the oidc spec). I think claims is what I need, thank you for pointing me.
ericchiang
commented
11 months ago Thanks! For what it's worth, I think adding support for supplementary specs is great. I'd just want to figure out if there's any additional API we can present more than parsing the string.
E.g. what we do for the at_hash support or device authorization https://github.com/coreos/go-oidc/pull/365
nabokihms
commented
1 month ago Closing since we solved the problem the way ericchiang suggested.
This is required if an RP wants to use PKCE, but doesn't know whether the provider supports the code challenge or not.