oidcc version
latest
Erlang version
any
Elixir version
any
Summary
- Certification Suite: oidcc-client-test-plan
- Certification Test: oidcc-client-test-aggregated-claims
The certification test contains an aggregated JWT Userinfo Claim with an unsigned Token.
Current behavior
Validation Fails
How to reproduce
Run oidcc-client-test-aggregated-claims test
Expected behavior
Spec: https://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims
§ 5.6.2. Aggregated and Distributed Claims
...
An iss (issuer) Claim SHOULD be included in any JWT issued by a Claims Provider so that the Claims Provider's keys can be retrieved for signature validation of the JWT. The value of the Claim is the Claims Provider's Issuer Identifier URL.
...
Based on this I assume:
- Validation is not according to userinfo rules.
- Instead: none is valid
- If iss present, load config / JWKs and validate using the rules of that iss.
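An added example, not oidcc code and not written by the issue author: it walks the `_claim_names` / `_claim_sources` members that OpenID Connect Core §5.6.2 defines and reports, for each aggregated-claims JWT, which check the assumption above would call for. The function names, status strings and the sample UserInfo response are assumptions constructed for illustration; no signature is verified here.

```python
import base64
import json

def _decode(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode(obj):  # helper used only to build the constructed sample below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def classify_aggregated_claims(userinfo):
    """Per claim source: the claims it supplies and the check they still need."""
    names = userinfo.get("_claim_names", {})
    result = {}
    for source, member in userinfo.get("_claim_sources", {}).items():
        if "JWT" not in member:
            continue  # distributed claim (endpoint reference), not handled here
        parts = member["JWT"].split(".")
        if len(parts) != 3:
            result[source] = {"status": "malformed", "claims": {}}
            continue
        header, payload = _decode(parts[0]), _decode(parts[1])
        alg, iss = header.get("alg"), payload.get("iss")
        if alg == "none":
            # An unsecured JWS (RFC 7515) has an empty signature segment.
            status = "unsigned" if parts[2] == "" else "malformed"
        elif iss:
            status = "verify_with_issuer_keys"  # load that issuer's config / JWKs
        else:
            status = "signed_without_iss"  # nowhere to fetch keys from
        claims = {c: payload[c] for c, s in names.items() if s == source and c in payload}
        result[source] = {"status": status, "alg": alg, "iss": iss,
                          "claims": {} if status == "malformed" else claims}
    return result

def sample_userinfo():
    """Constructed UserInfo response; issuer, claims and signature are made up."""
    unsigned = ".".join([_encode({"alg": "none"}),
                         _encode({"address": {"country": "CH"}}), ""])
    signed = ".".join([_encode({"alg": "RS256"}),
                       _encode({"iss": "https://claims.example", "credit_score": 650}),
                       "c2lnbmF0dXJl"])
    return {"sub": "user-1",
            "_claim_names": {"address": "src1", "credit_score": "src2"},
            "_claim_sources": {"src1": {"JWT": unsigned}, "src2": {"JWT": signed}}}

if __name__ == "__main__":
    print(json.dumps(classify_aggregated_claims(sample_userinfo()), indent=2))
```

Claims reported as `unsigned` carry no integrity protection of their own, so a caller would keep them marked as unverified rather than merging them with signature-checked claims.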