-
assigned issue to
Michael Jones
iss in examples should start with https
Issue #1021
resolved
The description of iss in "2. ID Token" in "OpenID Connect Core 1.0" says as follows:
REQUIRED. Issuer Identifier for the Issuer of the response. The
issvalue is a case sensitive URL using thehttpsscheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
According to this description, the value of iss claim should start with https:. However, iss values in examples in OIDC Core 1.0 (e.g. "A.2. Example using response_type=id_token") start with http:.
Examples should be modified.
Comments (3)
-
-
- changed milestone to Errata
-
- changed status to resolved
Yes, this is already fixed in the editor's draft at https://openid.bitbucket.io/connect/openid-connect-core-1_0.html .
- Log in to comment
May have been already fixed in WD.