-
assigned issue to
[Federation] Editorial: Two missing normative references
Issue #2153
resolved
The spec mentions two normative refs (using <xref target="RFCxxxx"/>
) that are not present in the “Normative References” section:
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-17.1
- RFC6749
- RFC8725
Comments (4)
-
-
- changed status to open
To be fixed by https://bitbucket.org/openid/connect/pull-requests/739
-
reporter Thanks!
-
- changed status to resolved
- Log in to comment
The OAuth 2 reference is clearly normative, since we use OAuth 2 protocol elements.
I disagree that the JWT BCP is normative. Implementers can follow the advice in the BCP about preventing cross-JWT confusion by following the Federation spec (using the required “typ” values) without reading any part of RFC 8725.