openid / connect / issues / #83 - Basic - 4 unclear wording for Userinfo endpoint - subject binding — Bitbucket

Issue #83 resolved

Former user created an issue 2011-09-09

The wording "subject of the Userinfo endpoint" doesn't make sense, not clear how OAuth 2 protected resource endpoints can have subjects.

Comments (4)

hideki nara
Section 4 of Basic looks euphemistic. Referring to Bear Token may be simpler and clearer.
- 2011-09-11T18:57:02+00:00
hideki nara
- assigned issue to
  
  Edmund Jay
- 2011-09-11T23:08:18+00:00
Nat Sakimura
Write that :

Note: UserInfo response is not guaranteed to be about the Subject in the session. Therefore, it MUST NOT be used as an assertion about the user in the session unless the user_id matches the user_id in the ID Token.
- 2011-09-15T01:54:33+00:00
Edmund Jay
- changed status to resolved
fixes ~~#83~~

→ 18c03b2fd488
- 2011-09-18T07:36:43+00:00
Log in to comment

Assignee: Edmund Jay

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!