[Openid-specs-ab] Issue #1772: SOIP sec 7.2.2. OpenID Federation 1.0 Automatic Registration is probematic (openid/connect)
Brian Campbell
issues-reply at bitbucket.org
Fri Jan 6 18:52:08 UTC 2023
New issue 1772: SOIP sec 7.2.2. OpenID Federation 1.0 Automatic Registration is probematic
https://bitbucket.org/openid/connect/issues/1772/soip-sec-722-openid-federation-10
Brian Campbell:
[https://openid.net/specs/openid-connect-self-issued-v2-1\_0-12.html#section-7.2.2](https://openid.net/specs/openid-connect-self-issued-v2-1_0-12.html#section-7.2.2)
says there’s an “example of a signed cross-device request” followed by an example that is confusing for a number of reasons \(to me anyway - e.g. the authorization endpoint and redirect uri are the same domain\) but is definitely not a signed request.
This needs to be fixed but maybe that could be done by removing it \(and similar\) as it just seems to be referring to OpenID4VP.
More information about the Openid-specs-ab
mailing list