[Openid-specs-ab] Issuer issue
roland.hedberg at adm.umu.se
Wed Aug 22 06:55:53 UTC 2012
Keeping tabs on issuer is important since it's coupled to which keys are
Everything starts with Section 3.3 in
"If the configuration response contains the issuer element, the value
MUST exactly match the issuer for the URL that was directly used to
retrieve the configuration."
I had a bit of a problem parsing this sentence but my interpretation is
that issuer is the location URL you find using SWD.
Using the example, if you get:
HTTP/1.1 200 OK
And then does a GET on
issuer == "https://server.example.com"
issuer is *not* equal to the URL I used to get the configuration.
More information about the Openid-specs-ab