[Openid-specs-ab] Issue #1272: client_id in SIOP (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Tue Jul 27 21:29:35 UTC 2021

New issue 1272: client_id in SIOP

Kristina Yasuda:

Currently, SIOP assumes that `client_id` = `redirect_uri`. However, taking into account that the cross-device SIOP model is being considered/implemented, it would make sense to use both `client_id` and `redirect_uri` in SIOP just like in the Implicit Flow.

More concretely, when a SIOP request is signed, there is a need to validate a signature against the appropriate key for the `client_id`, which is not the same as the `redirect_uri` where SIOP is sending the response.
