[Openid-specs-ab] [openid/connect] Messages - 2.1.2.1 "azp" definition (issue #712)

Nat Sakimura issues-reply at bitbucket.org
Mon Jan 28 17:11:18 UTC 2013


New issue 712: Messages - 2.1.2.1 "azp" definition
https://bitbucket.org/openid/connect/issue/712/mesages-2121-azp-definition

Nat Sakimura:

**Currently**: 

    azp
    OPTIONAL. Authorized Party. This member identifies an OAuth 2.0 client authorized to use this ID Token as an OAuth access token, if different than the Client that requested the ID Token. It MUST contain the client_id of the authorized party.

**Proposal**: 

    azp
    OPTIONAL. Authorized Party. This member identifies an OAuth 2.0 client authorized to use this ID Token as an OAuth access token. It MUST contain the identifier that the protected resource recognizes. 

**Rationale**: 

The current text needlessly constrains what azp could be, while that constraint is not necessarily useful. For example, the current definition removes the possibility of having an ephemeral identifier (such as a dynamically generated public key) of the client, which is not a client_id in the OAuth sense but is still useful as long as the protected resource can recognize it and possibly perform the key possession check.

