discovery using issuer identifer w/ path component conflict with RFC 5785?

Issue #638 resolved
Brian Campbell
created an issue

Appending the "/.well-known/openid-configuration" to an issuer identifier that has a path component per §3.1 of Discovery [1] seems like it might contradict RFC 5785 (or at least not really be in the spirit of RFC 5785). The first paragraph of §3 of the RFC [2] talks about the path component beginning with the "/.well-known/ and question #4 in the FAQ [3] talks about why per-directory well-known locations are not defined.

Is this okay? It seems kind of iffy.

[1] http://openid.net/specs/openid-connect-discovery-1_0.html#anchor9 [2] http://tools.ietf.org/html/rfc5785#section-3 [3] http://tools.ietf.org/html/rfc5785#appendix-B

Comments (5)

  1. Nat Sakimura

    WG's concious decision. Different issuers uder the path server config per path needed. Issues with path component is a bit under specified. Needs some more explanation.

    We will see if we really need to fix it.

  2. John Bradley

    RE #638 clarify why path components are supported and make it conflict less with RFC 5785. Review before closing. The alternative would be to encode the path in the configuration file name under /.well_known but that is more confusing for developers to code.

    73d6d056ab58

  3. Log in to comment