[Federation] Support explicit client registration request with Trust Chain

Issue #1608 resolved
Vladimir Dzhuvinov created an issue

Proposal by @Torsten Lodderstedt to support explicit client registration by passing a complete Trust Chain instead of an Entity Configuration only:

https://bitbucket.org/openid/connect/pull-requests/286#comment-325466353

The processing is identical to the optional trust_chain parameter in automatic registration.

Comments (7)

  1. Vladimir Dzhuvinov reporter

    HTTP requests with a trust chain will need to have a new Content-Type defined.

    For HTTP requests with an Entity Configuration the Content-Type is application/entity-statement+jwt

  2. Takahiko Kawasaki

    application/x-www-form-urlencoded with a form parameter trust_chain with a value in the format of a JSON array (like authorization_details defined in RAR), for example?

  3. Michael Jones
    • changed status to open

    On the 25-Aug-22 Federation Editors' Call, @Giuseppe De Marco agreed to create a new PR to do this. We agreed to not repeat the Entity Statement if it is already included in the trust chain. So one could register either with an Entity Configuration or a trust chain.

  4. Giuseppe De Marco

    I’d wait for the merge of https://bitbucket.org/openid/connect/pull-requests/286 before adding trust_chain also in the explicit client registration.

    The registration request can be submitted with two different Content-Types: application/entity-statement+jwt and application/json.
    The first contains the Entity Configuration of the requesting RP, the second is a JSON array containing the sequence of statements that form the trust_chain.

    The ordering of the trust chain's statements is described in the Trust Chain Section.
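
A sketch of how a registration endpoint could dispatch on the two Content-Types proposed in the comment above, added here as an example that is not part of the thread or the specification. The function names, `MAX_CHAIN_LEN`, and the ordering check (subject's Entity Configuration first, each statement's `iss` equal to the next statement's `sub`) are assumptions; signatures are not verified here, so full Trust Chain validation must still follow.

```python
import base64
import json

ENTITY_CT = "application/entity-statement+jwt"
MAX_CHAIN_LEN = 10  # assumed limit, not taken from the thread

class RegistrationError(ValueError):
    """Request body rejected before any signature checks."""

def _claims(statement):
    """Decode a compact JWS payload WITHOUT verifying it (structure only)."""
    parts = statement.split(".") if isinstance(statement, str) else []
    if len(parts) != 3 or not all(parts):
        raise RegistrationError("statement is not a compact JWS")
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise RegistrationError("undecodable statement payload") from exc
    if not (isinstance(claims, dict)
            and all(isinstance(claims.get(k), str) for k in ("iss", "sub"))):
        raise RegistrationError("statement lacks string iss/sub claims")
    return claims

def parse_registration(content_type, body):
    """Return the statements (a list of one or more JWTs) in the request."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in (ENTITY_CT, "application/json"):
        raise RegistrationError("unsupported Content-Type")
    try:
        text = body.decode("utf-8")
        chain = [text.strip()] if media_type == ENTITY_CT else json.loads(text)
    except ValueError as exc:
        raise RegistrationError("undecodable request body") from exc
    if not isinstance(chain, list) or not 1 <= len(chain) <= MAX_CHAIN_LEN:
        raise RegistrationError("trust chain must be a non-empty JSON array")
    claims = [_claims(s) for s in chain]
    if claims[0]["iss"] != claims[0]["sub"]:  # Entity Configuration is self-issued
        raise RegistrationError("first statement is not an Entity Configuration")
    for subject, issuer in zip(claims, claims[1:]):
        if subject["iss"] != issuer["sub"]:  # assumed ordering, see lead-in
            raise RegistrationError("broken link in trust chain")
    return chain

def constructed_jwt(iss, sub):
    """Constructed sample statement; header and signature parts are dummies."""
    payload = base64.urlsafe_b64encode(json.dumps({"iss": iss, "sub": sub}).encode())
    return "e30." + payload.decode().rstrip("=") + ".c2ln"

RP, IA, TA = "https://rp.example", "https://ia.example", "https://ta.example"
SAMPLE_CHAIN = [constructed_jwt(RP, RP), constructed_jwt(IA, RP), constructed_jwt(TA, IA)]
```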
