openid / connect / issues / #570 - General - removal of Check ID endpoint — Bitbucket

Issue #570 resolved

Torsten Lodderstedt created an issue 2012-04-06

Id tokens don't need to be verified for direct connections due to TLS-based protection. Even if the RP (or any other party) needs to validate it, the verification of id tokens is simple given the adoption and simplicity of JWT. So I don't see a need for this function.

Comments (8)

Nat Sakimura
- assigned issue to
  
  John Bradley
- changed status to open
Drop.

Add back with session management.

Having a way to RS / AS token introspection would be good but a different issue.
- 2012-04-30T21:23:07+00:00
Nat Sakimura
Issue ~~#590~~ was marked as a duplicate of this issue.
- 2012-05-17T22:21:39+00:00
Nat Sakimura
- changed title to General - removal of check_id endpoint
- 2012-05-17T22:22:22+00:00
Nat Sakimura
- changed title to General - removal of Check ID endpoint
- 2012-05-17T22:22:41+00:00
John Bradley
Re ~~#570~~ remove check id endpoint.

→ a41fa75f3a89
- 2012-05-17T22:50:21+00:00
John Bradley
Re ~~#570~~ change validation rule on id_tokens received directly from Token endpoint.

→ 1c2616cef81a
- 2012-05-18T01:19:19+00:00
Michael Jones
- changed status to resolved
Done
- 2012-05-21T23:21:04+00:00
Nat Sakimura
Refer to a46b3e234249 as well.
- 2012-05-21T23:22:01+00:00
Log in to comment

Assignee: John Bradley

Type: proposal

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!