[Federation] id_token_signing_alg?

Issue #1502 resolved
Takahiko Kawasaki created an issue

In Section 5.1. Metadata Policy and Section 5.1.8. Policy Example of OpenID Connect Federation 1.0, id_token_signing_alg is used as an example of metadata. Is it correct?

OpenID Connect Dynamic Client Registration 1.0 defines id_token_signed_response_alg. OpenID Connect Discovery 1.0 defines id_token_signing_alg_values_supported. It seems better to change id_token_signing_alg to either id_token_signed_response_alg or id_token_signing_alg_values_supported, unless id_token_signing_alg is used intentionally as virtual metadata for some reason.

I guess that id_token_signing_alg in Section 5.1 is intended to be id_token_signing_alg_values_supported and that id_token_signing_alg in Section 5.1.8 is intended to be id_token_signed_response_alg. If so, because the type of id_token_signed_response_alg is not a JSON array, the example in Section 5.1.8 seems inappropriate.

Comments (3)

  1. Giuseppe De Marco

    Typo confirmed, it should be id_token_signed_response_alg.

    A policy with a non-matching claim wouldn't be applied by a verifier. The typo is in the non-normative examples.

    +1 @Takaiko

    If you can provide a pull request it would be great, otherwise I'll do it tomorrow.

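To show why both the claim name and the value type matter when a Federation metadata policy is applied, here is a constructed Python example (added here; it is not from the specification, from the issue, or from any implementation). The operator semantics are a simplified reading of the spec's value/add/default/one_of/subset_of/superset_of/essential operators, and the RP metadata and policies are made up.

```python
# Minimal metadata-policy applier in the style of OpenID Connect Federation 1.0.
# Constructed example: operator semantics (value/add/default/one_of/subset_of/
# superset_of/essential) are simplified, not a full implementation of the spec.
def apply_policy(metadata: dict, policy: dict) -> dict:
    """Return a copy of metadata with policy applied; raise ValueError on conflict."""
    out = dict(metadata)
    for claim, ops in policy.items():
        # Operators that set or extend a value run first so the checks see the result.
        if "value" in ops:
            out[claim] = ops["value"]
        elif "default" in ops and claim not in out:
            out[claim] = ops["default"]
        if "add" in ops:
            current = out.get(claim, [])
            if not isinstance(current, list):
                raise ValueError(f"{claim}: 'add' needs an array value")
            out[claim] = current + [v for v in ops["add"] if v not in current]
        if ops.get("essential") and claim not in out:
            raise ValueError(f"{claim}: essential claim missing")
        if claim not in out:
            continue  # a policy entry with no matching claim changes nothing
        val = out[claim]
        if "one_of" in ops and val not in ops["one_of"]:
            raise ValueError(f"{claim}: {val!r} not in one_of {ops['one_of']}")
        if "subset_of" in ops:
            if not isinstance(val, list):
                raise ValueError(f"{claim}: subset_of needs an array, got {type(val).__name__}")
            out[claim] = [v for v in val if v in ops["subset_of"]]
        if "superset_of" in ops:
            if not isinstance(val, list) or not set(ops["superset_of"]) <= set(val):
                raise ValueError(f"{claim}: must be an array containing {ops['superset_of']}")
    return out

# Constructed RP metadata using the claim name registered by Dynamic Client Registration.
RP_METADATA = {"client_name": "Example RP", "id_token_signed_response_alg": "RS256"}
# Keyed on the misspelled name: nothing in the RP metadata matches, so it is a no-op.
MISNAMED_POLICY = {"id_token_signing_alg": {"subset_of": ["ES256", "RS256"]}}
# Keyed on the correct name; one_of suits a single string-valued claim.
CORRECT_POLICY = {"id_token_signed_response_alg": {"one_of": ["ES256", "RS256"]}}
def demo():
    """Misnamed policy is a no-op, correct policy is enforced, subset_of rejects a string."""
    untouched = apply_policy(RP_METADATA, MISNAMED_POLICY) == RP_METADATA
    enforced = apply_policy(RP_METADATA, CORRECT_POLICY)["id_token_signed_response_alg"]
    try:
        apply_policy(RP_METADATA, {"id_token_signed_response_alg": {"subset_of": ["RS256"]}})
        array_error = False
    except ValueError:
        array_error = True
    return untouched, enforced, array_error
```

Running `demo()` returns `(True, 'RS256', True)`: the misnamed policy silently does nothing, the correctly named one_of policy accepts the RP's algorithm, and an array operator applied to a string-valued claim is rejected.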