OpenID Connect Federation 1.0: claim client_id missing from OIDCClientMetadata

Issue #428 resolved
Pasquale Barbaro created an issue

In version 10.7.2 (https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/commits/c656ebc15455907ab450183936c7fb0e2ded01bf) there was a change which removes client information fields from the metadata returned by CommonFederationClaimsSet.getRPMetadata().

Among the removed values, there is also client_id which is listed in the applicable values for openid_relying_party metadata in section 4.2 of the openid-connect-federation specs: https://openid.net/specs/openid-connect-federation-1_0.html in the “IANA OAuth Dynamic Client Registration Metadata”.

We used to access the client_id from the relying party’s EntityStatement like this:

entityStatement.getClaimsSet().getRPMetadata().getCustomField("client_id")

but that is not possible anymore (version 10.7.2 changed this).

Since client_id is an acceptable value for RP’s metadata, why is it removed?

Comments (6)

  1. Yavor Vasilev

    Hi Pasquale,

    Are you calling this method on the ResolveClaimsSet or EntityStatementClaimsSet?

    (or both)

  2. Yavor Vasilev

    Some background why / where you are getting this client_id will be useful.

    OIDC Federation has the client_id appearing in metadata only in explicit registration responses.
