[Openid-specs-ab] A couple of additional errata

Roland Hedberg roland.hedberg at adm.umu.se
Sun Jan 27 18:50:07 UTC 2013


2.1.1.1 Last sentence of first paragraph:
"Supporting it is necessary for implementations that need to request or 
provide sets of Claims other than the default UserInfo, and ID Token Claim sets."

UserInfo is a link to 2.3 UserInfo Endpoint

but that is not what 'UserInfo' is referring to in the text; it's 
about the claims set, not the endpoint.

5.2 ID Token Validation

Bullet point 10.

"If a nonce value was sent in the Authorization Request, a nonce Claim MUST 
be present and its value of the checked ..."
                         ^^^^^^  

'of the' should be removed.

5.3 Userinfo Response Validation

"To validate the UserInfo response, the Client MUST do the following:

1. If the Client has provided a userinfo_encrypted_response_alg parameter 
during Registration, decrypt the ID Token using the key pair specified 
during Registration."

Why the ID Token? Isn't it the Userinfo response that is supposed to be
encrypted?


-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS) 
Umeå University 
SE-901 87 Umeå, Sweden	
Phone +46 90 786 68 44
Mobile +46 70 696 68 44 
www.its.umu.se 



