none
algorithm was allowed in all flows.oic.consumer.Consumer.parse_authz
returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.iat
claim was not checked for sanity (i.e. it could be in the future)none
algorithm is now allowed only if using the response_type
code
iat
claim is now checked for sanity.