Messages - (ed) 2.2 Clarification to azp definition
azp OPTIONAL or REQUIRED. Authorized Party - the party to which the ID Token was issued. If present, it MUST contain the OAuth 2.0 client_id of the party that will be using it. This Claim is only REQUIRED when the party requesting the ID Token is not the same as the sole audience of the ID Token. It MAY be included even when the Authorized Party is the same as the sole audience. The azp value is a case sensitive string containing a StringOrURI value.
In the second sentence "the party that will be using it." was pointed out as confusing to a reader as azp is defined in the first sentence as the party to which the token was issued. Probably should be changed to "OAuth 2.0 client_id of the party that requested the token."
The term sole audience was also noted as confusing. It is correct English but perhaps not spec language.
Perhaps something like
This Claim is only REQUIRED when aud is multi value or if aud is a single value that is not the value of azp.
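The requirement rule in the quoted definition, written as a check on ID Token claims. This is an added example, not text from the specification or code from the working group; the function names and client identifiers are hypothetical, and the token's signature is assumed to have been verified already.

```python
def audiences(claims):
    """Return aud as a list; a JWT aud is a single string or an array of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("aud must be a string or a non-empty array of strings")


def azp_required(aud, requester):
    """Quoted rule: azp is REQUIRED unless the requester is the sole audience."""
    return len(aud) != 1 or aud[0] != requester


def check_azp(claims, requester):
    """Return a list of problems with azp; an empty list means acceptable."""
    try:
        aud = audiences(claims)
    except ValueError as exc:
        return [str(exc)]
    azp = claims.get("azp")
    if azp is None:
        if azp_required(aud, requester):
            return ["azp missing although requester is not the sole audience"]
        return []  # azp MAY be omitted when requester is the sole audience
    if not isinstance(azp, str):
        return ["azp must be a string"]
    if azp != requester:  # exact match: the value is a case sensitive string
        return ["azp does not match the requesting client_id"]
    return []


# Constructed sample claim sets (hypothetical client_id values).
CLIENT = "client-a"
SAMPLES = {
    "sole audience, azp omitted": {"aud": CLIENT},
    "sole audience, azp included": {"aud": [CLIENT], "azp": CLIENT},
    "multi-valued aud, azp omitted": {"aud": [CLIENT, "api-b"]},
    "other audience, azp present": {"aud": "api-b", "azp": CLIENT},
    "azp differs only in case": {"aud": [CLIENT, "api-b"], "azp": "Client-A"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(f"{name}: {check_azp(claims, CLIENT) or 'ok'}")
```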
Comments (5)
- changed milestone to Final
assigned issue to
We will apply these clarifications for Final.
- changed title to Messages - 2.2 Clarification to azp definition
- changed title to Messages - (ed) 2.2 Clarification to azp definition
- changed status to resolved
Fixed
#862- Clarified <spanx style="verb">azp</spanx> definition→ <<cset b3b4b5b5c7fa>>
OAuth 2.0 client_id of the party that was issued to.
instead of
OAuth 2.0 client_id of the party that requested the token.