[Openid-specs-ab] Validating request
Roland Hedberg
roland.hedberg at adm.umu.se
Wed Sep 14 12:31:04 UTC 2011
On 8 Sep 2011, at 15:51, Roland Hedberg wrote:
> In OpenID Connect Standard 1.0 - draft 04 section 4.1.2
Should be 4.1.1.2
> Hence, the text describing what a validation should involve is understated and should be expanded to at least contain a comparison between the parameters that appear both in the URL and in the JWT.
I'd like to extend this question as follows:
If the Authorization Request contains a set of parameters (AS) with values and the JWT another set (JS), what relationships are allowed between these sets?
Can AS contain parameters that don't appear in JS?
Can JS contain parameters that don't appear in AS?
If a parameter appears in both AS and JS, must it have the same value?
-- Roland
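
The three relationships asked about above, computed for one constructed request. This is an added example, not part of the original message or of the OpenID Connect draft; it only reports the relationships and does not decide which of them are allowed. The parameter name `request` for the JWT, the host `op.example`, all parameter values and the function names are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwt_claims(jwt: str) -> dict:
    # Reads the payload only; signature verification is a separate step that
    # must succeed before the claims are trusted.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def compare_request(url: str, jwt_param: str = "request") -> dict:
    # jwt_param is an assumed name for the URL parameter that carries the JWT.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if jwt_param not in query:
        raise ValueError("no JWT in the request")
    js = jwt_claims(query.pop(jwt_param)[0])   # JS: parameters inside the JWT
    as_ = {k: v[0] for k, v in query.items()}  # AS: parameters in the URL
    both = as_.keys() & js.keys()
    return {
        "only_in_AS": sorted(as_.keys() - js.keys()),
        "only_in_JS": sorted(js.keys() - as_.keys()),
        "same_value": sorted(k for k in both if as_[k] == js[k]),
        "different_value": {k: (as_[k], js[k])
                            for k in sorted(both) if as_[k] != js[k]},
    }


def sample_url() -> str:
    # Constructed request: unsigned JWT (alg "none") and made-up values.
    claims = {"client_id": "client-1", "scope": "openid profile",
              "state": "abc123", "nonce": "n-42"}
    jwt = ".".join([b64url_encode(json.dumps({"alg": "none"}).encode()),
                    b64url_encode(json.dumps(claims).encode()), ""])
    return "https://op.example/authorize?" + urlencode({
        "response_type": "code", "client_id": "client-1",
        "scope": "openid", "state": "abc123", "request": jwt})
```

For the constructed request, `response_type` appears only in AS, `nonce` only in JS, and `scope` appears in both with different values.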