[Openid-specs-ab] unicode host names, issuer, and URLs in the discovery document
Marcos Sanz
sanz at denic.de
Fri Jun 15 12:25:36 UTC 2018
Hi Nat,
sorry for reopening this somehow old thread, but I've come accross it
completely separately...
wrote on 02/04/2018 05:53:54:
> My personal conclusion is then:
>
> 1) Since discovery document is UTF-8, it should use UTF-8 encoded
authority section.
> 2) Since JWT header and body is JSON, it MUST be UTF-8.
> 3) The client library SHOULD transform the UTF-8 authority section
to punnycode before submitting to the DNS resolver. A
> client MUST make sure that the library that it is using does so unless
it is using a IDN enabled modern DNS resolver.
...and thus, to save other people from this pitfall, I think it'd be a
good idea to add some explicit text about it in the core/discovery drafts,
if new versions are planned soon.
FWIW, I even agree with your conclusion.
Best,
Marcos
More information about the Openid-specs-ab
mailing list