[Openid-specs-ab] Registration: request_uris with fragments?
bcampbell at pingidentity.com
Wed Dec 18 23:51:24 UTC 2013
What's the idea behind a client registering request_uris that include
I thought the fragment thing was to help with caching and knowing when to
re-fetch the content. But I don't see how that works with per-registration.
request_uris OPTIONAL. Array of request_uri values that are pre-registered
by the RP for use at the OP. Servers MAY cache the contents of the files
referenced by these URIs and not retrieve them at the time they are used in
a request. OPs can require that request_uri values used be pre-registered
with the require_request_uri_registration discovery parameter.
If the contents of the request file could ever change, these URI values
SHOULD include the base64url encoded SHA-256 hash value of the file
contents referenced by the URI as the value of the URI fragment. If the
fragment value used for a URI changes, that signals the server that its
cached value for that URI with the old fragment value is no longer valid.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab