[Openid-specs-ab] Issuer issue
ve7jtb at ve7jtb.com
Wed Aug 22 15:15:25 UTC 2012
And "https://server.example.com/customer1/.well-known/openid-configuration" has an issuer of "https://server.example.com/customer1"
Adding the path probably needs some examples.
The idea was that it is equal to the URL before appending the /.well-known/openid-configuration. That is to save space in the JWT.
On 2012-08-22, at 10:11 AM, Justin Richer <jricher at mitre.org> wrote:
> The "issuer" is the bit of the URL that's before the .well-known/openid-configuration, so "https://server.example.com/.well-known/openid-configuration" has an issuer of "https://server.example.com/" as the example states. If it could be worded more clearly (which I'm sure it could, because I think I wrote that paragraph), then please suggest better wording.
> -- Justin
> On 08/22/2012 02:55 AM, Roland Hedberg wrote:
>> Keeping tabs on issuer is important since it's coupled to which keys are
>> Everything starts with Section 3.3 in
>> "If the configuration response contains the issuer element, the value
>> MUST exactly match the issuer for the URL that was directly used to
>> retrieve the configuration."
>> I had a bit of a problem parsing this sentence but my interpretation is
>> that issuer is the location URL you find using SWD.
>> Using the example, if you get:
>> HTTP/1.1 200 OK
>> Content-Type: application/json
>> And then do a GET on
>> https://server.example.com/.well-known/openid-configuration then
>> issuer == "https://server.example.com"
>> issuer is *not* equal to the URL I used to get the configuration.
>> Right?
>> -- Roland
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
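An added example, not part of the original thread or of the specification text: a client-side check that takes the reading given at the top of this message (issuer equals the URL before appending /.well-known/openid-configuration) and applies the quoted "MUST exactly match" rule as a plain string comparison. The function names, the https-only restriction and the sample responses are assumptions of this example. Under this reading a configuration that claims a different customer path is rejected, and so is the trailing-slash form "https://server.example.com/".

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"


class IssuerMismatch(ValueError):
    """The configuration claims an issuer other than the one its URL implies."""


def issuer_for_config_url(config_url: str) -> str:
    """Return the part of the configuration URL before the well-known suffix."""
    parts = urlsplit(config_url)
    # Assumption of this example: only absolute https URLs are accepted.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("configuration URL must be an absolute https URL")
    # A query string or fragment would also fail this suffix test.
    if not config_url.endswith(WELL_KNOWN):
        raise ValueError("configuration URL must end with " + WELL_KNOWN)
    return config_url[: -len(WELL_KNOWN)]


def check_issuer(config_url: str, config: dict) -> str:
    """Return the issuer to trust for this configuration, or raise."""
    expected = issuer_for_config_url(config_url)
    claimed = config.get("issuer")
    if claimed is None:
        # The quoted rule only applies when the issuer element is present.
        return expected
    # Exact string comparison: no case folding, no trailing-slash tolerance.
    if claimed != expected:
        raise IssuerMismatch(f"expected {expected!r}, configuration says {claimed!r}")
    return claimed


if __name__ == "__main__":
    base = "https://server.example.com"
    # Constructed sample responses, not captured from a real provider.
    samples = [
        (base + WELL_KNOWN, {"issuer": base}),
        (base + "/customer1" + WELL_KNOWN, {"issuer": base + "/customer1"}),
        (base + "/customer1" + WELL_KNOWN, {"issuer": base + "/customer2"}),
        (base + WELL_KNOWN, {"issuer": base + "/"}),
    ]
    for url, cfg in samples:
        try:
            print("ok      ", check_issuer(url, cfg))
        except IssuerMismatch as exc:
            print("rejected", exc)
```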