Messages 5.1. Authorization Request Verification - typo, old reference to JWT

Issue #659 resolved
Vladimir Dzhuvinov created an issue

I discovered a typo in the first sentence - encryption should actually be decryption: *"(1) encryption and signature validation of the value of request or the content of request_uri"*

Also, the old request object JWT format is still there:

"the Request Object MUST verify as JWS [JWS] or JWE [JWE] objects that are encoded in the JWT"

Comments (4)

  1. Vladimir Dzhuvinov reporter

    Concrete suggestion to rewrite the paragraph, with a numbered list to improve readability of the two steps:

    Authorization Request Verification consists of two main steps:

    1. If an OpenID Request Object was sent in the "request" parameter or by reference in the "request_uri" parameter, the Request Object MUST be decrypted as a JWE object and/or validated as a JWS object.

    2. The Authorization Request parameters MUST be verified.
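The two steps proposed in the comment above, as an added example that is not part of the issue thread or of the specification: a Python sketch that validates a Request Object as a JWS and then verifies its parameters. It assumes an HS256-signed object with a shared secret; the function names, the sample client record and the two parameter checks are illustrative assumptions, and JWE decryption is out of scope here.

```python
import base64, hashlib, hmac, json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed sample Request Object (JWS compact, HS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def verify_request_object(request: str, key: bytes, client: dict) -> dict:
    """Return the verified claims, or raise ValueError naming the failed check."""
    parts = request.split(".")
    if len(parts) == 5:
        raise ValueError("JWE Request Object: decrypt first (not covered here)")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    # Step 1: validate as JWS. Only HS256 is accepted in this example,
    # so "none" or any other alg in the header is rejected.
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(parts[1]))
    # Step 2: verify the Authorization Request parameters (assumed checks).
    if claims.get("client_id") != client["client_id"]:
        raise ValueError("client_id mismatch")
    if claims.get("redirect_uri") not in client["redirect_uris"]:
        raise ValueError("redirect_uri not registered")
    return claims

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-secret"
CLIENT = {"client_id": "demo-client",
          "redirect_uris": ["https://client.example/cb"]}

if __name__ == "__main__":
    token = sign_hs256({"client_id": "demo-client", "response_type": "code",
                        "redirect_uri": "https://client.example/cb"}, KEY)
    print(verify_request_object(token, KEY, CLIENT))
```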
