Many OPs issue a JWT as the AT. I imagine it would be relatively trivial for oidc-token to inspect the token and, if it is a JWT, extract the iss claim value. This value could then be compared with what oidc-agent believes is the issuer URL.
A discrepancy can occur if (for example) the URL given to oidc-gen was malformed (e.g., containing unexpected trailing slashes). However, this incorrect value might go undetected, as the oidc document discovery would still work.
oidc-token could then issue a warning if the issuer doesn't match the expected value. This would give the user the opportunity to update the issuer URL.
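
The check proposed above, sketched as an added example (this is not oidc-agent code; `jwt_issuer`, `check_issuer`, `make_sample_token` and the `op.example.org` URLs are hypothetical names and constructed values). It reads the `iss` claim without verifying the signature, so the result is only good for a diagnostic warning, never for a trust decision.

```python
import base64
import json


def jwt_issuer(token):
    """Return the iss claim if the token parses as a JWT, else None (opaque AT)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    iss = claims.get("iss") if isinstance(claims, dict) else None
    return iss if isinstance(iss, str) else None


def check_issuer(token, configured_issuer):
    """Compare the token's iss with the configured issuer URL.

    Returns (status, message): status is "skipped", "match" or "warn".
    The signature is NOT verified; this is a configuration diagnostic only.
    """
    iss = jwt_issuer(token)
    if iss is None:
        return ("skipped", None)  # not a JWT or no iss claim: nothing to compare
    if iss == configured_issuer:
        return ("match", None)
    if iss.rstrip("/") == configured_issuer.rstrip("/"):
        return ("warn", f"issuer differs only by trailing slashes: "
                        f"token has {iss!r}, configured {configured_issuer!r}")
    return ("warn", f"issuer mismatch: token has {iss!r}, "
                    f"configured {configured_issuer!r}")


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped token for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    at = make_sample_token({"iss": "https://op.example.org/"})
    # Configured value carries an extra trailing slash, as in the scenario above.
    print(check_issuer(at, "https://op.example.org//"))
    print(check_issuer("opaque-access-token", "https://op.example.org/"))
```
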