Redirection of /.well-known/openid-federation

Issue #1663 resolved

Andrii Deinega created an issue 2022-10-06

The "5.2. Federation Entity Configuration Response" section of "OpenID Connect Federation 1.0 - draft 12" tells us that

A positive response is a signed entity statement, where the content type MUST be set to application/jose. In case of an error, the response will be a JSON object, the content type MUST be set to application/json and the error response uses the applicable HTTP status code value.

It makes sense to specify that the successful response is HTTP 200 OK, so 3** responses aren't considered to be "positive" ones.

Comments (5)

Giuseppe De Marco
Hi, I suggest to read and evaluate DRAFT 23 here
https://openid.net/specs/openid-connect-federation-1_0.html#section-6.2
as you can read something is changed from draft 12.

In the non normative example you have 200 OK but I agree that we can specify in the text that a positive response must return an http status code of 200. No http redirection (302) or other codes 3xx are allowed.
- 2022-10-07T07:23:09+00:00
Giuseppe De Marco
this PR closes this issue
https://bitbucket.org/openid/connect/pull-requests/323/fix-federation-clarifications-on-the-hhtp

thank you and please feel free to share your suggestions directly in the PR
- 2022-10-07T16:12:50+00:00
Giuseppe De Marco
- assigned issue to
  
  Giuseppe De Marco
- 2022-10-07T16:24:03+00:00
Michael Jones
- changed status to open
We agreed on the 10-Oct-22 working group call with following the precedent set by Discovery for successful .well-known/openid-configuration responses using 200 OK.
- 2022-10-11T00:40:52+00:00
Giuseppe De Marco
- changed status to resolved
Closed by https://bitbucket.org/openid/connect/pull-requests/323/fix-federation-responses-http-status-codes
- 2022-10-14T15:20:25+00:00
Log in to comment

Assignee: Giuseppe De Marco

Type: proposal

Priority: minor

Status: resolved

Component: Federation

Milestone: –

Version: –

Votes: 0

Watchers: 1