Inconsistent example of the "aud" field in request objects

Issue #1799 resolved
Fabian Hoffmann created an issue

In chapter 10.1.1.1, "Using a Request Object", the “aud” field is described as:

aud
REQUIRED. The Audience (aud) value MUST be or include the OP's Issuer Identifier URL.

In the example below, however, we can find a URL that contains the path “authorization”, which gives the impression that the OP’s authorization endpoint shall be set instead of the Issuer Identifier URL:

{
  "aud": "https://op.example.org/authorization",
  "client_id": "https://rp.example.com",
  "exp": 1589699162,
  "iat": 1589699102,
  "iss": "https://rp.example.com",
  "jti": "4d3ec0f81f134ee9a97e0449be6d32be",
  "nonce": "4LX0mFMxdBjkGmtx7a8WIOnB",
  "redirect_uri": "https://rp.example.com/authz_cb",
  "response_type": "code",
  "scope": "openid profile email address phone",
  "state": "YmX8PM9I7WbNoMnnieKKBiptVW0sP2OZ",
  "trust_chain" : [
    "eyJhbGciOiJSUzI1NiIsImtpZCI6Ims1NEhRdERpYnlHY3M5WldWTWZ2aUhm ...",
    "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJYdmZybG5oQU11SFIwN2FqVW1BY0JS ...",
    "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJYdmZybG5oQU11SFIwN2FqVW1BY0JS ..."
  ]
}

My suggestion would be to rename the example URL, e.g. to "https://op.example.org/issuer".
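The difference matters for an OP that validates the claim strictly. The following sketch is an added example, not part of the original issue or of the specification text: it checks the "aud" claim of a request object whose signature has already been verified. The issuer value `https://op.example.org`, the function name and the sample claim sets are assumptions constructed for illustration.

```python
# Assumed Issuer Identifier of the OP (illustrative, not taken from the spec).
OP_ISSUER = "https://op.example.org"


def check_request_object_aud(claims, issuer=OP_ISSUER):
    """Return (ok, reason) for the aud claim of an already verified request object.

    Rule from the quoted text: aud is REQUIRED and MUST be or include
    the OP's Issuer Identifier URL.
    """
    if "aud" not in claims:
        return False, "aud is REQUIRED"
    aud = claims["aud"]
    # JWT allows aud to be a single string or an array of strings.
    values = [aud] if isinstance(aud, str) else aud
    if (not isinstance(values, list) or not values
            or not all(isinstance(v, str) for v in values)):
        return False, "aud must be a string or a non-empty array of strings"
    # Exact string comparison: no prefix or substring matching.
    if issuer in values:
        return True, "aud is or includes the issuer"
    # Diagnose the case from the issue: an endpoint URL under the issuer.
    if any(v.startswith(issuer.rstrip("/") + "/") for v in values):
        return False, "aud is a URL under the issuer, not the issuer itself"
    return False, "aud does not name this OP"


# Constructed claim sets (only the aud claim is relevant here).
SAMPLES = {
    "issuer": {"aud": "https://op.example.org"},
    "endpoint": {"aud": "https://op.example.org/authorization"},
    "array": {"aud": ["https://other.example.net", "https://op.example.org"]},
    "lookalike": {"aud": "https://op.example.org.example.net"},
    "missing": {"iss": "https://rp.example.com"},
    "malformed": {"aud": 42},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        ok, reason = check_request_object_aud(claims)
        print(f"{name:10} {'accept' if ok else 'reject'}: {reason}")
```

With this check, an RP that copies the "aud" value from the specification's example is rejected by an OP whose Issuer Identifier is `https://op.example.org`.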
