SOIP sec 7.2.2. OpenID Federation 1.0 Automatic Registration is probematic

https://openid.net/specs/openid-connect-self-issued-v2-1_0-12.html#section-7.2.2

says there’s an “example of a signed cross-device request” followed by an example that is confusing for a number of reasons (to me anyway - e.g. the authorization endpoint and redirect uri are the same domain) but is definitely not a signed request.

This needs to be fixed but maybe that could be done by removing it (and similar) as it just seems to be referring to OpenID4VP.

‌

Comments (3)