Link configuration "supported" options to behaviour #22
Labels
Comments
tekul
added a commit
that referenced
this issue
Oct 15, 2015
Checks registered algorithms and client auth method during registration against those supported by the server configuration and returns an invalid metadata error if the values are not supported. See #22.
|
See also: http://tools.ietf.org/html/rfc7591#section-2.1 and http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for information on validating the requested grant types based on supported response types. |
tekul
added a commit
that referenced
this issue
Oct 16, 2015
Now checks whether the OP is configured to support the requested response type and returns an error if not. See #22.
tekul
added a commit
that referenced
this issue
Dec 1, 2015
If the client registers with the implicit grant as but the OP does not support any response types which imply the implicit grant, a metadata error is returned. See #22.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
These are currently ignored, other than as provided to the client via the discovery response. The client can still use unsupported options in requests and have them processed. For example
responseTypesSupportedshould be checked when processing an authorization requestalgorithmsSupportedshould be checked in id token creation, user info responses, request object (when implemented) and client auth signing. It may be sufficient to check some of them when registering the client, since the client's specific algorithms are stored with its data.Both these and
clientAuthMethodsSupportedshould be checked when registering the client.The text was updated successfully, but these errors were encountered: