Redirection of /.well-known/openid-federation
The "5.2. Federation Entity Configuration Response" section of "OpenID Connect Federation 1.0 - draft 12" tells us that:
"A positive response is a signed entity statement, where the content type MUST be set to application/jose. In case of an error, the response will be a JSON object, the content type MUST be set to application/json and the error response uses the applicable HTTP status code value."
It makes sense to specify that the successful response is HTTP 200 OK, so 3** responses aren't considered to be "positive" ones.
See also related https://bitbucket.org/openid/connect/issues/627/ and https://lists.openid.net/pipermail/openid-specs-ab/2022-October/009404.html for more info.
Comments (5)
This PR closes this issue:
https://bitbucket.org/openid/connect/pull-requests/323/fix-federation-clarifications-on-the-hhtp
Thank you, and please feel free to share your suggestions directly in the PR.
- changed status to open
We agreed on the 10-Oct-22 working group call to follow the precedent set by Discovery for successful .well-known/openid-configuration responses using 200 OK.
- changed status to resolved
Hi, I suggest reading and evaluating DRAFT 23 here:
https://openid.net/specs/openid-connect-federation-1_0.html#section-6.2
As you can read, something has changed from draft 12.
In the non-normative example you have
200 OK
but I agree that we can specify in the text that a positive response must return an HTTP status code of 200. No HTTP redirection (302) or other 3xx codes are allowed.
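A client-side check of the rule discussed in this thread, as an added example that is not part of the issue, the PR or the specification: the fetcher refuses to follow redirects and accepts only 200 OK with the expected content type as a positive response. The function names are hypothetical, the positive content type defaults to the `application/jose` value quoted from draft 12 (pass another value for a draft that specifies a different one), and signature verification of the entity statement is out of scope.

```python
import json
import re
import urllib.error
import urllib.request

WELL_KNOWN = "/.well-known/openid-federation"
# Shape check only: three base64url segments. The signature is NOT verified here.
JWS_COMPACT = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")

def media_type(content_type):
    """Strip parameters such as '; charset=utf-8' and normalise case."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def classify_response(status, content_type, body, positive_type="application/jose"):
    """Return (verdict, detail); verdict is 'positive', 'error' or 'reject'."""
    mt = media_type(content_type)
    if 300 <= status < 400:
        return "reject", f"redirect {status} is not a positive response"
    if status == 200:
        if mt != positive_type:
            return "reject", f"200 with content type {mt or 'missing'}"
        if not JWS_COMPACT.match(body.strip()):
            return "reject", "body is not a compact JWS"
        return "positive", body.strip()
    if status >= 400 and mt == "application/json":
        try:
            err = json.loads(body)
        except ValueError:
            return "reject", "error body is not JSON"
        if isinstance(err, dict):  # the error response must be a JSON object
            return "error", err
    return "reject", f"unexpected status {status} / content type {mt or 'missing'}"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for 3xx instead of following it

def fetch_entity_configuration(entity_id, timeout=10):
    # Assumption: the well-known path is appended to the entity identifier.
    url = entity_id.rstrip("/") + WELL_KNOWN
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=timeout)
        status = resp.status
    except urllib.error.HTTPError as e:  # 3xx, 4xx and 5xx all arrive here
        resp, status = e, e.code
    body = resp.read().decode("utf-8", "replace")
    resp.close()
    return classify_response(status, resp.headers.get("Content-Type"), body)
```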