[Openid-specs-ab] Issue #841: Standard - 2.2.6.1 Add ID Token Validation text (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Fri May 31 01:42:10 UTC 2013


New issue 841: Standard - 2.2.6.1 Add ID Token Validation text
https://bitbucket.org/openid/connect/issue/841/standard-2261-add-id-token-validation-text

Nat Sakimura:

It references Section 2.1.2 of OpenID Connect Messages 1.0 as what is being returned using this binding. 

IMHO, it is rather important to call out the validation section as well, since reader may just think "oh that's just a format" and does not follow the validation requirement set forth in Section 4 of OpenID Connect Messages 1.0 here as well. 

Also, the validation section may call out the HTTP specific precautions, such as checking the binding between the state parameter or nonce to cookie, etc. 




More information about the Openid-specs-ab mailing list