[Openid-specs-ab] Issuer issue
Roland Hedberg
roland.hedberg at adm.umu.se
Wed Aug 22 06:55:53 UTC 2012
Hi!
Keeping tabs on issuer is important since it's coupled to which keys are
used.
Everything starts with Section 3.3 in
http://openid.net/specs/openid-connect-discovery-1_0.html
"If the configuration response contains the issuer element, the value
MUST exactly match the issuer for the URL that was directly used to
retrieve the configuration."
I had a bit of a problem parsing this sentence but my interpretation is
that issuer is the location URL you find using SWD.
Using the example, if you get:
HTTP/1.1 200 OK
Content-Type: application/json
{
"locations":["https://server.example.com"]
}
And then do a GET on
https://server.example.com/.well-known/openid-configuration then
issuer == "https://server.example.com"
issuer is *not* equal to the URL I used to get the configuration.
Right?
-- Roland
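
The check discussed in this message, as an added example that is not part of the original post: it derives the expected issuer from the URL used to fetch the configuration by removing the /.well-known/openid-configuration suffix, then compares it exactly with the issuer element. The function names, the IssuerMismatch exception, the https requirement, the fallback when issuer is absent and the sample values are assumptions made for illustration.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"


class IssuerMismatch(ValueError):
    """The configuration cannot be bound to the issuer it was fetched for."""


def expected_issuer(config_url):
    """Issuer implied by the URL the configuration was retrieved from."""
    if not config_url.startswith("https://"):
        raise IssuerMismatch("configuration URL must use https")
    if not config_url.endswith(WELL_KNOWN):
        raise IssuerMismatch("not a well-known configuration URL")
    return config_url[: -len(WELL_KNOWN)]


def check_issuer(config_url, body):
    """Return the issuer to pin keys to, or raise IssuerMismatch."""
    expected = expected_issuer(config_url)
    config = json.loads(body)
    if not isinstance(config, dict):
        raise IssuerMismatch("configuration is not a JSON object")
    if "issuer" not in config:
        # Assumption: the quoted rule only applies "if" the element is
        # present, so fall back to the location found via discovery.
        return expected
    # Exact string match: no case folding, no trailing-slash trimming.
    if config["issuer"] != expected:
        raise IssuerMismatch(
            f"issuer {config['issuer']!r} does not match {expected!r}")
    return expected


def accepted(config_url, body):
    """True when the configuration passes the issuer check."""
    try:
        check_issuer(config_url, body)
        return True
    except IssuerMismatch:
        return False


if __name__ == "__main__":
    url = "https://server.example.com" + WELL_KNOWN  # constructed sample
    for issuer in ("https://server.example.com", url,
                   "https://server.example.com/"):
        print(issuer, accepted(url, json.dumps({"issuer": issuer})))
```

Because the keys a client trusts are tied to the issuer, a configuration that fails this check should be discarded before its key location is ever fetched.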