-
assigned issue to
- changed status to open
Messages - 6.7 unspecified ID Token validation
Issue #200
resolved
"The authorization server also MUST validate the request to ensure all required parameters are present and valid."
The sole parameter is the ID Token. It is not specified what constitutes a valid/invalid ID Token - what are the actual validation rules?
I expect to see: - format rules - parameter/claim values (which values from the ID Token should match what data that the RP has, and how the RP obtains and maintains the rvalue)
Comments (3)
-
-
addresses
#200Messages - 6.7 unspecified ID Token validation -
- changed status to resolved
fixes
#200add id_token verification rules to Sec 7 - Log in to comment