[Federation] aud claim should be removed from Entity Statement
Issue #1949
resolved
The fetch endpoint doesn't have any client authentication mechanisms or anything valuable to know who's the audience of the issued statement.
For this reason the aud claim in the entity statement should be removed.
Comments (5)
-
reporter -
The “aud” claim is used in explicit registration requests and responses:
https://openid.net/specs/openid-connect-federation-1_0.html#appendix-A.3.2
(not in response to an authenticated request, but for a “pushed” EC or ES that was minted for the OP, resp RP)
-
reporter OK @Vladimir Dzhuvinov, I propose to keep this PR open by changing its scope, including in the next commits all the required changes to improve the text related to the explicit registration.
-
reporter - changed component to Federation
-
reporter - changed status to resolved
not relevant
The PR that closes this issue is https://bitbucket.org/openid/connect/pull-requests/530