openid / connect / issues / #1949 - [Federation] aud claim should be removed from Entity Statement — Bitbucket

Issue #1949 resolved

Giuseppe De Marco created an issue 2023-06-05

the fetch endpoint doesn't have any client authentication mechanisms or nothing valuable to known who's the audience of the issued statement

For this reason the aud claim in the entity statement should be removed

Comments (5)

Giuseppe De Marco reporter
The PR that closes this issue is https://bitbucket.org/openid/connect/pull-requests/530
- 2023-06-05T09:11:52+00:00
Vladimir Dzhuvinov
The “aud” claim is used in explicit registration requests and responses:

https://openid.net/specs/openid-connect-federation-1_0.html#appendix-A.3.2

(not in response to an authenticated request, but for a “pushed” EC or ES that was minted for the OP, resp RP)
- 2023-06-05T10:24:33+00:00
Giuseppe De Marco reporter
Ok @Vladimir Dzhuvinov I propose to keep this PR open by changing its scopes including in the next commits all the required changes to improve the text related to the explicit registration
- 2023-06-05T10:46:08+00:00
Giuseppe De Marco reporter
- changed component to Federation
- 2023-06-05T10:46:23+00:00
Giuseppe De Marco reporter
- changed status to resolved
not relevant
- 2023-06-12T23:40:36+00:00
Log in to comment

Assignee: Giuseppe De Marco

Type: bug

Priority: major

Status: resolved

Component: Federation

Milestone: –

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!