[Openid-specs-ab] Issue #905: Core - Example A.2 - Add full ID Token validation example (openid/connect)
Nat Sakimura
issues-reply at bitbucket.org
Wed Nov 27 12:10:18 UTC 2013
New issue 905: Core - Example A.2 - Add full ID Token validation example
https://bitbucket.org/openid/connect/issue/905/core-example-a2-add-full-id-token
Nat Sakimura:
Current example only describes the payload.
For developers, a full example explaining what to be expected in the JWS header and how they should be treated would be very useful.
For example, see http://stackoverflow.com/questions/20159782/how-can-i-decode-a-google-oauth-2-0-jwt-in-a-node-app
IMHO, the header should also include the "kid" to indicate how to deal with "kid" and x5u or jku.
More information about the Openid-specs-ab
mailing list