[Openid-specs-ab] Issue #1658: Clarification on OP metadata (Section 4.3) (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Wed Oct 5 16:35:28 UTC 2022
New issue 1658: Clarification on OP metadata (Section 4.3)
https://bitbucket.org/openid/connect/issues/1658/clarification-on-op-metadata-section-43
Torsten Lodderstedt:
As far as I understand the text, the assumption is the RP will use the metadata obtained through OIDC federation, i.e. special logic \(section 4.3. could benefit from a reference to section 10.4\).
Is it possible/envisioned to just assert the issuer URL in an OP entity statement? I’m asking since that would allow RP’s to use the standard OIDC discovery and ID Token signature validation process \(just bootstrapped from an entity id\). I think adoption would be fostered if the standard process would be supported as well \(as this is what existing implementations do\).
More information about the Openid-specs-ab
mailing list