Basic - 3.3.4.2 audience verification
Issue #79
resolved
It's not clear what the value of the "aud" parameter should be compared to. Where does the client obtain it from?
Comments (4)
-
-
-
assigned issue to
-
assigned issue to
-
Change
This member identifies the audience that this ID Token is intended for. It is RECOMENDED that aud be the OAuth client_id of the RP.
To
This member identifies the audience that this ID Token is intended for. It is the OAuth client_id of the RP.
-
- changed status to resolved
fixes
#79 - Log in to comment
3.1.1 of Message ( http://openid.net/specs/openid-connect-messages-1_0.html#id_token ) ,
aud
REQUIRED. This member identifies the audience that this ID Token is intended for. It is RECOMENDED that aud be the OAuth client_id of the RP.
If aud == OAuth client_id , aud is identifier with which a client must be registered at the server. If aud != OAuth client_id, what?