[Federation] Specify resolve response JWT claims
Issue #1673
resolved
The resolve response spec is missing a formal definition of the claims that go into the JWT:
https://openid.net/specs/openid-connect-federation-1_0.html#name-resolve-response
The example has the following top-level claims:
- iss - REQUIRED, the resolve entity ID
- sub - REQUIRED, according to the requested “sub”
- iat - REQUIRED, the JWT issue time or the time when the chain was last refreshed?
- exp - REQUIRED, the expiration of the trust chain?
- metadata - REQUIRED, according to the requested “type”, else for all available types?
- trust_marks - REQUIRED, the collected and successfully validated trust marks
- trust_chain - OPTIONAL
Comments (3)
Hi Vlad, the PR below resolves this issue
https://bitbucket.org/openid/connect/pull-requests/326/chore-federation-added-resolve-endpoint
I just changed trust_marks to optional, because it’s optional.
Regarding your questions, please have a read of the PR and, if something is missing or not satisfactory, make your comments in the revision of the PR.
Thank you very much.
- changed status to resolved