[Openid-specs-ab] Issue #841: Standard - 22.214.171.124 Add ID Token Validation text (openid/connect)
issues-reply at bitbucket.org
Fri May 31 01:42:10 UTC 2013
New issue 841: Standard - 126.96.36.199 Add ID Token Validation text
It references Section 2.1.2 of OpenID Connect Messages 1.0 as what is being returned using this binding.
IMHO, it is rather important to call out the validation section as well, since reader may just think "oh that's just a format" and does not follow the validation requirement set forth in Section 4 of OpenID Connect Messages 1.0 here as well.
Also, the validation section may call out the HTTP specific precautions, such as checking the binding between the state parameter or nonce to cookie, etc.
More information about the Openid-specs-ab