[Openid-specs-ab] December 27, 2012 OpenID Connect Release
ejay at mgi1.com
Tue Jan 8 02:19:23 UTC 2013
Can you update the birthday claim in your code. It's been changed to birthdate
with a new format.
JWE also has a change in the KDF used in the encryption.
From: Roland Hedberg <roland.hedberg at adm.umu.se>
To: "openid-connect-interop at googlegroups.com"
<openid-connect-interop at googlegroups.com>
Cc: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>
Sent: Fri, January 4, 2013 4:47:43 AM
Subject: Re: December 27, 2012 OpenID Connect Release
The code running on the test site (http://openidtest.uninett.no/)
and my own OP at xenosmilus2.umdc.umu.se are now updated to comply with the
29 dec 2012 kl. 02:09 skrev Mike Jones <Michael.Jones at microsoft.com>:
> New versions of the OpenID Connect specifications have been released resolving
>numerous open issues raised by the working group. The most significant change
>is changing the name of the “user_id” claim to “sub” (subject) so that ID Tokens
>conform to the OAuth JWT Bearer Profile specification, and so they can be used
>as OAuth assertions. (Also, see the related coordinated change to the OAuth JWT
>specifications.) A related enhancement was extending our use of the “aud”
>(audience) claim to allow ID Tokens to have multiple audiences. Also, a related
>addition was defining the “azp” (authorized party) claim to allow implementers
>to experiment with this proposed functionality. (This is a slightly more
>general form of the “cid” claim that Google and Nat Sakimura had proposed.)
> Other updates were:
> · The “offline_access” scope value was defined to request that a refresh
>token be returned when using the code flow that can be used to obtain an access
>token granting access to the user’s UserInfo endpoint even when the user is not
> · A new “tos_url” registration parameter was added so that the terms of
>service can be specified separately from the usage policy.
> · Clarified that “jwk_url” and “jwk_encryption_url” refer to documents
>containing JWK Sets - not single JWK keys.
> Implementers need to apply these name changes to their code:
> · user_id -> sub
> · prn -> sub
> · user_id_types_supported -> subject_types_supported
> · user_id_type -> subject_type
> · acrs_supported -> acr_values_supported
> · alg -> kty (in JWKs)
> See the Document History section of each specification for more details about
>the changes made.
> This release is part of a coordinated release of JOSE, OAuth, and OpenID
>Connect specifications. You can read about the other releases here: JOSE
>Release Notes, OAuth Release Notes.
> The new specification versions are:
> · http://openid.net/specs/openid-connect-basic-1_0-22.html
> · http://openid.net/specs/openid-connect-implicit-1_0-05.html
> · http://openid.net/specs/openid-connect-messages-1_0-14.html
> · http://openid.net/specs/openid-connect-standard-1_0-15.html
> · http://openid.net/specs/openid-connect-discovery-1_0-11.html
> · http://openid.net/specs/openid-connect-registration-1_0-13.html
> · http://openid.net/specs/openid-connect-session-1_0-10.html
> -- Mike
IT Architect/Senior Researcher
ICT Services and System Development (ITS)
SE-901 87 Umeå, Sweden
Phone +46 90 786 68 44
Mobile +46 70 696 68 44
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab