[Openid-specs-ab] Issue #1021: iss in examples should start with https (openid/connect)
Takahiko Kawasaki
issues-reply at bitbucket.org
Thu Oct 5 05:30:14 UTC 2017
New issue 1021: iss in examples should start with https
https://bitbucket.org/openid/connect/issues/1021/iss-in-examples-should-start-with-https
Takahiko Kawasaki:
The description of `iss` in _"2. ID Token"_ in _"OpenID Connect Core 1.0"_ says as follows:
> REQUIRED. Issuer Identifier for the Issuer of the response. The `iss` value is a case sensitive URL using the `https` scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
According to this description, the value of `iss` claim should start with `https:`. However, `iss` values in examples in _OIDC Core 1.0_ (e.g. _"A.2. Example using response_type=id_token"_) start with `http:`.
Examples should be modified.
More information about the Openid-specs-ab
mailing list