[Openid-specs-ab] Issue #1693: trust_mark as a query parameter (openid/connect)
Andrii Deinega
issues-reply at bitbucket.org
Wed Oct 26 18:26:40 UTC 2022
New issue 1693: trust_mark as a query parameter
https://bitbucket.org/openid/connect/issues/1693/trust_mark-as-a-query-parameter
Andrii Deinega:
https://openid.net/specs/openid-connect-federation-1_0.html (draft 24) doesn’t have any restrictions on the size of trust marks, which could easily become an issue when a trust mark is passed as a query parameter in the status endpoint (see section 7.4.1). JWTs can be silently truncated because of the size limits on HTTP request headers presented by various server implementations.
It makes sense to allow the processing of an HTTP POST request as well in order to mitigate this sort of issue (or completely move to an HTTP POST request).
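The size problem raised above, as an added example that is not part of the original message or of the specification: it measures the GET request line produced by a `trust_mark` query parameter and shows a structural check a receiver could use to tell a truncated JWT from a complete one. The function names, the 8192-byte limit, the 256-byte signature length and the sample claims are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

ASSUMED_LIMIT = 8192  # assumption: illustrative request-line limit, not a value from the draft

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_sample_trust_mark(filler_len: int) -> str:
    """Constructed sample in compact JWS form; the signature is filler bytes, not a real one."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": "https://issuer.example", "sub": "https://rp.example",
               "id": "https://issuer.example/mark", "iat": 1666808800,
               "filler": "x" * filler_len}  # hypothetical claim used only to grow the token
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(payload).encode()),
                     b64url(b"\x00" * 256)])

def status_request_line(endpoint: str, trust_mark: str) -> str:
    """Request line a client would send when the trust mark travels in the query string."""
    path = urlsplit(endpoint).path
    return f"GET {path}?{urlencode({'trust_mark': trust_mark})} HTTP/1.1"

def fits_request_line(endpoint: str, trust_mark: str, limit: int = ASSUMED_LIMIT) -> bool:
    return len(status_request_line(endpoint, trust_mark).encode()) <= limit

def looks_complete(trust_mark: str, expected_sig_len: int = 256) -> bool:
    """Structural check only (no signature verification): three non-empty segments,
    JSON header and payload, and a signature of the length expected for the key."""
    segments = trust_mark.split(".")
    if len(segments) != 3 or not all(segments):
        return False
    try:
        header, payload, signature = (b64url_decode(s) for s in segments)
        json.loads(header)
        json.loads(payload)
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return False
    return len(signature) == expected_sig_len

if __name__ == "__main__":
    endpoint = "https://issuer.example/federation_trust_mark_status"  # hypothetical URL
    for size in (100, 10000):
        tm = make_sample_trust_mark(size)
        print(size, len(status_request_line(endpoint, tm)), fits_request_line(endpoint, tm))
```

A receiver that runs a check like `looks_complete` before signature verification can answer a cut-off token with a request error instead of reporting the trust mark as not active.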