Inconsistent example of the "aud" field in request objects
Issue #1799
resolved
In chapter 10.1.1.1, Using a Request Object, the “aud” field is described as:
aud
REQUIRED. The Audience (aud) value MUST be or include the OP's Issuer Identifier URL.
In the example below, however, we can find a URL that contains the path “authorization”, which gives the impression that the OP’s authorization endpoint shall be set instead of the Issuer Identifier URL:
{
  "aud": "https://op.example.org/authorization",
  "client_id": "https://rp.example.com",
  "exp": 1589699162,
  "iat": 1589699102,
  "iss": "https://rp.example.com",
  "jti": "4d3ec0f81f134ee9a97e0449be6d32be",
  "nonce": "4LX0mFMxdBjkGmtx7a8WIOnB",
  "redirect_uri": "https://rp.example.com/authz_cb",
  "response_type": "code",
  "scope": "openid profile email address phone",
  "state": "YmX8PM9I7WbNoMnnieKKBiptVW0sP2OZ",
  "trust_chain": [
    "eyJhbGciOiJSUzI1NiIsImtpZCI6Ims1NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
    "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJYdmZybG5oQU11SFIwN2FqVW1BY0JS ...",
    "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJYdmZybG5oQU11SFIwN2FqVW1BY0JS ..."
  ]
}
My suggestion would be to rename the example URL, e.g. to "https://op.example.org/issuer".
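The requirement the issue quotes, that aud "MUST be or include the OP's Issuer Identifier URL", is what an OP has to enforce when it receives a request object. The following is an added example of that OP-side check; it is not code from the issue, from the spec, or from the openid/connect repository. The issuer and endpoint values are constructed for the example, and verification of the request object's signature (for instance with RP keys resolved through trust_chain) is assumed to have happened before the claims are inspected.

```python
"""OP-side check of the "aud" claim in an OpenID Connect Federation request
object.  "Be or include" covers both JWT audience forms from RFC 7519:
a single string, or an array of strings.

Added example; not code from the spec or the openid/connect repository.
The JWS signature of the request object is assumed to be verified elsewhere.
"""
from typing import Any

# Constructed values for this example; neither is taken from the issue text.
OP_ISSUER = "https://op.example.org"
OP_AUTHZ_ENDPOINT = "https://op.example.org/authorization"


def audience_matches(aud: Any, issuer: str) -> bool:
    """True iff aud is, or includes, the OP's Issuer Identifier.

    Comparison is exact string equality, the same rule OpenID Connect Core
    applies to the iss claim: no prefix matching and no URL normalisation,
    so a trailing slash or an extra path segment (such as the authorization
    endpoint URL) does not match the issuer.
    """
    if isinstance(aud, str):
        return aud == issuer
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return issuer in aud
    return False  # aud missing, empty, or not a string / array of strings


def check_request_object(claims: dict, issuer: str) -> dict:
    """Reject a request object whose audience is not this OP; return claims."""
    aud = claims.get("aud")
    if not audience_matches(aud, issuer):
        raise ValueError(
            f"aud {aud!r} is not, and does not include, the issuer {issuer!r}"
        )
    return claims


def sample_claims(aud: Any) -> dict:
    """Constructed request object payload, shaped like the one in the issue."""
    return {
        "aud": aud,
        "client_id": "https://rp.example.com",
        "iss": "https://rp.example.com",
        "redirect_uri": "https://rp.example.com/authz_cb",
        "response_type": "code",
        "scope": "openid",
    }


if __name__ == "__main__":
    # Issuer as a single string: accepted ("be").
    check_request_object(sample_claims(OP_ISSUER), OP_ISSUER)
    # Array that includes the issuer: accepted ("or include").
    check_request_object(sample_claims([OP_AUTHZ_ENDPOINT, OP_ISSUER]), OP_ISSUER)
    # Authorization endpoint alone, the value the issue's example shows: rejected.
    try:
        check_request_object(sample_claims(OP_AUTHZ_ENDPOINT), OP_ISSUER)
    except ValueError as err:
        print("rejected:", err)
```

Exact comparison is deliberate: accepting any aud that merely begins with the issuer would make the authorization endpoint in the issue's example pass, and would also let a request object intended for another issuer hosted under the same origin be replayed against this OP.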
Comments (3)
- changed status to resolved
Good catch Fabian!
Resolved by this PR https://bitbucket.org/openid/connect/pull-requests/438