[Openid-specs-ab] Issue #905: Core - Example A.2 - Add full ID Token validation example (openid/connect)
issues-reply at bitbucket.org
Wed Nov 27 12:10:18 UTC 2013
New issue 905: Core - Example A.2 - Add full ID Token validation example
Current example only describes the payload.
For developers, a full example explaining what to be expected in the JWS header and how they should be treated would be very useful.
For example, see http://stackoverflow.com/questions/20159782/how-can-i-decode-a-google-oauth-2-0-jwt-in-a-node-app
IMHO, the header should also include the "kid" to indicate how to deal with "kid" and x5u or jku.
More information about the Openid-specs-ab