The OpenID Connect working group has released an update to the OpenID Connect specifications that continues incorporating significant developer feedback received, while maintaining as much compatibility with the implementer’s drafts as possible. The Connect specs have also been updated to track updates to the OAuth and JOSE specs, which they use. The primary normative changes are as follows:
- Make changes to allow path in the issuer_identifier, per issue #513
- Add hash and hash check of access_token and code to id_token, per issue #510
- Split encrypted response configurations into separate parameters for alg, enc, int
- Added optional id_token to authorization request parameters, per issue #535
- Now requested claims add to those requested with scope values, rather than replacing them, per issue #547
- Added error interaction_required and removed user_mismatched, per issue #523
- Changed invalid_request_redirect_uri to invalid_redirect_uri, per issue #553
- Removed “embedded” display type, since its semantics were not well defined, per issue #514
A significant non-normative addition is:
- Add example JS code for Basic client
Implementers are particularly encouraged to build and provide feedback on the new and modified features.
The new versions are available from http://openid.net/connect/ or at:
- http://openid.net/specs/openid-connect-basic-1_0-17.html
- http://openid.net/specs/openid-connect-discovery-1_0-08.html
- http://openid.net/specs/openid-connect-registration-1_0-10.html
- http://openid.net/specs/openid-connect-messages-1_0-09.html
- http://openid.net/specs/openid-connect-standard-1_0-09.html
- http://openid.net/specs/openid-connect-session-1_0-06.html
- http://openid.net/specs/oauth-v2-multiple-response-types-1_0-04.html
1 Pingback