Specify that Federation endpoints use https scheme

Each place we define an endpoint, we should say that the endpoint uses the https scheme and MAY contain port, path, and query parameter components. We can use this language from OpenID Connect Discovery as an example:

userinfo_endpoint

RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Core]. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

I believe this language should apply to these endpoints: federation_registration_endpoint, federation_fetch_endpoint, federation_list_endpoint, federation_resolve_endpoint, federation_trust_mark_status_endpoint, federation_trust_mark_list_endpoint.

Comments (3)