[Openid-specs-fapi] Issue #711: ID token signature validation (openid/fapi)

Dima Postnikov issues-reply at bitbucket.org
Mon Sep 9 02:03:18 UTC 2024


New issue 711: ID token signature validation
https://bitbucket.org/openid/fapi/issues/711/id-token-signature-validation

Dima Postnikov:

FAPI specifications need to be explicit about whether the ID token signature needs to be validated by a client.

Common sense says “yes”; we have just found out that some implementations do it and some don't.

More discussion: https://gitlab.com/openid/conformance-suite/-/issues/1375

What does formal analysis say about it? Is it a control we rely on?


