[Openid-specs-ab] Issue #2116: [Federation] Clarify that the metadata_policy is not intended to JSON type check metadata parameters (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Fri Feb 9 07:19:44 UTC 2024


New issue 2116: [Federation] Clarify that the metadata_policy is not intended to JSON type check metadata parameters
https://bitbucket.org/openid/connect/issues/2116/federation-clarify-that-the

Vladimir Dzhuvinov:

Federation designers may feel tempted to utilise the `metadata_policy` to check and validate the JSON value types of metadata parameters. Such checks should be performed at the application layer, after the metadata is obtained from the Trust Chain.

In the case of an OP processing a federated login request from an RP, the OP would obtain from the validated Trust Chain the metadata JSON object for the RP and then parse that with the help of an OIDC-specific library to get an application-specific object representation of the RP metadata.
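
The application-layer check described above, as an added example that is not part of the original message and not taken from any OIDC library: an OP type-checks the RP metadata object after it has been resolved from the validated Trust Chain, rejecting it before any value reaches redirect URI matching or session logic. `RPMetadata`, `parse_rp_metadata` and `MetadataTypeError` are hypothetical names, the parameter table covers only a subset of OIDC client registration parameters, and the sample inputs are constructed.

```python
import json
from dataclasses import dataclass

STR_ARRAY = object()  # marker: JSON array whose members are all strings

# Expected JSON types for a subset of OIDC client registration parameters.
EXPECTED = {
    "redirect_uris": STR_ARRAY, "response_types": STR_ARRAY,
    "grant_types": STR_ARRAY, "contacts": STR_ARRAY,
    "client_name": str, "jwks_uri": str, "jwks": dict,
    "default_max_age": int, "require_auth_time": bool,
}

class MetadataTypeError(ValueError):
    def __init__(self, fields):
        super().__init__("wrong JSON type for: " + ", ".join(fields))
        self.fields = fields

@dataclass(frozen=True)
class RPMetadata:  # hypothetical application-level representation
    redirect_uris: tuple
    other: dict

def type_ok(value, expected):
    if expected is STR_ARRAY:
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    if expected is int:
        # Python's bool subclasses int; JSON true/false is not a number.
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, expected)

def parse_rp_metadata(resolved):
    """Type-check RP metadata already resolved from a validated Trust Chain."""
    if not isinstance(resolved, dict):
        raise MetadataTypeError(["<metadata object>"])
    bad = [k for k, t in EXPECTED.items()
           if k in resolved and not type_ok(resolved[k], t)]
    if "redirect_uris" not in resolved:  # REQUIRED in OIDC client registration
        bad.insert(0, "redirect_uris")
    if bad:
        raise MetadataTypeError(bad)
    rest = {k: v for k, v in resolved.items() if k != "redirect_uris"}
    return RPMetadata(tuple(resolved["redirect_uris"]), rest)

# Constructed sample inputs, standing in for metadata taken from a Trust Chain.
GOOD = json.loads('{"redirect_uris": ["https://rp.example.com/cb"],'
                  ' "client_name": "Example RP", "default_max_age": 3600}')
BAD = json.loads('{"redirect_uris": "https://rp.example.com/cb",'
                 ' "default_max_age": true, "require_auth_time": "true"}')
```

A `redirect_uris` value that arrives as a bare string is the case worth rejecting early: code that later iterates it or tests membership with `in` would compare characters or substrings instead of whole URIs.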

