[Openid-specs-ab] Your help needed clarifying Google's "azp" claim usage

Wed Aug 19 19:16:30 UTC 2015

Hi Googlers,

It would be hugely useful if you could capture protocol traces that demonstrate how Google actually uses the "azp" claim in cases where the "azp" and "aud" values differ.  Ideally, I'd like to see actual protocol traces, including the Authentication Request, the Authentication Response, and both directions of any the communication between the Client that made the request to the OP and any other Clients that it also sends the resulting token(s) to. Among other things, that would also answer OAuth-y questions like which Client ID is being used for client authentication to the OP when more than one client is involved.

The Connect text about "azp" is currently both ambiguous and contradictory.  This data would be of a huge help to us for sorting this out during the current errata round.

                                                                Thanks a bunch,
                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150819/9a655834/attachment.html>