openid / connect / issues / #87 - Basic - 3.3. Check Session Endpoint MAY be called or MUST be called? — Bitbucket

Issue #87 resolved

hideki nara created an issue 2011-09-13

It's not quite clear if RP have to call the OP's Check Session Endpoint or not from Basic's description. ( Message or Standard describes clearly ?)

While 4.2 says "Clients MAY send requests with the following parameters to the UserInfo endpoint to obtain further information about the user."

Comments (2)

John Bradley
In Basic we are making the assumption that they are not directly inspecting the token.

So it should be a MUST verify the id_token using the check session endpoint.
- 2011-09-19T20:10:34+00:00
Edmund Jay
- changed status to resolved
fixes ~~#87~~

→ 7db5e323b9c2
- 2011-09-20T02:21:20+00:00
Log in to comment

Assignee: Edmund Jay

Type: proposal

Priority: minor

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!