-
assigned issue to
- changed status to open
General - removal of Check ID endpoint
Issue #570
resolved
Id tokens don't need to be verified for direct connections due to TLS-based protection. Even if the RP (or any other party) needs to validate it, the verification of id tokens is simple given the adoption and simplicity of JWT. So I don't see a need for this function.
Comments (8)
-
-
Issue
#590was marked as a duplicate of this issue. -
- changed title to General - removal of check_id endpoint
-
- changed title to General - removal of Check ID endpoint
-
Re
#570remove check id endpoint. -
Re
#570change validation rule on id_tokens received directly from Token endpoint. -
- changed status to resolved
Done
-
Refer to a46b3e234249 as well.
- Log in to comment
Drop.
Add back with session management.
Having a way to RS / AS token introspection would be good but a different issue.