Open nabokihms opened 8 months ago
nabokihms
commented
8 months ago This is from the Rfc 8414 https://www.rfc-editor.org/rfc/rfc8414.html (missed that this is not a part of the oidc spec). I think claims is what I need, thank you for pointing me.
ericchiang
commented
8 months ago Thanks! For what it's worth, I think adding support for supplementary specs is great. I'd just want to figure out if there's any additional API we can present more than parsing the string.
E.g. what we do for the at_hash support or device authorization https://github.com/coreos/go-oidc/pull/365
This is required if an RP wants to use PKCE, but doesn't know whether the provider supports the code challenge or not.