Uploaded image for project: 'OpenId Connect'
  1. OpenId Connect
  2. OIDC-98

The ID Token should be signed

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 1.24
    • 1.23
    • Provider
    • None
    • Unknown

    Description

      According to https://openid.net/specs/openid-connect-core-1_0.html#IDToken

      ID Tokens MUST be signed

      It works with many OIDC clients only because most of them also support OAuth2 in which the token is not signed.

      Attachments

        Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. OIDC-17 Implement JWK endpoint

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: