[Federation] id_token_signing_alg?
In Section 5.1. Metadata Policy and Section 5.1.8. Policy Example of OpenID Connect Federation 1.0, id_token_signing_alg is used as an example of metadata. Is it correct?

OpenID Connect Dynamic Client Registration 1.0 defines id_token_signed_response_alg. OpenID Connect Discovery 1.0 defines id_token_signing_alg_values_supported. It seems better to change id_token_signing_alg to either id_token_signed_response_alg or id_token_signing_alg_values_supported unless id_token_signing_alg is used intentionally as virtual metadata for some reason.

I guess that id_token_signing_alg in Section 5.1 is intended to be id_token_signing_alg_values_supported and that id_token_signing_alg in Section 5.1.8 is intended to be id_token_signed_response_alg. And if so, because the type of id_token_signed_response_alg is not a JSON array, the example in Section 5.1.8 seems inappropriate.

Comments (3)
- Done here:
  https://bitbucket.org/openid/connect/pull-requests/179/fix-federation-typo-in-rp-examples-and
  Thank you @Takahiko Kawasaki
- changed status to resolved
Fixed by PR #179.
- Typo confirmed. It should be id_token_signed_response_alg.
  A policy with a non-matching claim wouldn't be applied by a verifier. The typo is in the non-normative examples.
  +1 @Takahiko
  If you can provide a pull request it would be great, otherwise I'll do it tomorrow.