jaredhanson / passport-openidconnect

OpenID Connect authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-openidconnect/?utm_source=github&utm_medium=referral&utm_campaign=passport-openidconnect&utm_content=about
MIT License

Why is the "issuer" option enforced? It should be optional. #47

Closed atalis closed 7 years ago

atalis commented 7 years ago

According to the specifications (https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery) the "issuer" parameter is OPTIONAL. But because of #39 it is now required. What was the rationale for this? We have no use for this parameter, and I don't even know what to put in.

panva commented 7 years ago

https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

issuer property is REQUIRED for the discovery document, and it's necessary to have the expected issuer identifier for ID Token validation defined in http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
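
The two issuer checks referenced in the reply above, as an added example that is not part of the original thread and is not passport-openidconnect's code: the discovery document's `issuer` must be identical to the configured issuer, and the ID Token's `iss` claim must exactly match it. All function names, the issuer URL, the client IDs and the tokens are constructed for illustration, and signature verification is assumed to happen separately.

```javascript
// Added example: the issuer checks an OpenID Connect relying party performs.
// Signature verification is out of scope; it must pass before claims are trusted.

function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Discovery: metadata.issuer must be identical to the issuer the client configured.
// Returns null when the check passes, otherwise a reason string.
function checkDiscoveryIssuer(expectedIssuer, metadata) {
  if (typeof metadata.issuer !== 'string') return 'metadata has no issuer';
  if (metadata.issuer !== expectedIssuer) return 'metadata issuer mismatch';
  return null;
}

// ID Token validation: iss must exactly match the expected issuer and
// aud must contain this client's client_id.
function checkIdTokenClaims(idToken, expectedIssuer, clientId) {
  const parts = idToken.split('.');
  if (parts.length !== 3) return 'not a compact JWS';
  let claims;
  try { claims = b64urlJson(parts[1]); } catch (e) { return 'payload is not JSON'; }
  if (!claims || typeof claims !== 'object') return 'payload is not JSON';
  if (claims.iss !== expectedIssuer) return 'iss mismatch';
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) return 'aud mismatch';
  return null;
}

// Constructed sample tokens; the third segment is a placeholder, not a signature.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(claims)}.c2ln`;
}

const ISSUER = 'https://op.example.com'; // constructed issuer identifier
const good = makeToken({ iss: ISSUER, aud: 'client-1', sub: 'alice' });
// Same audience and subject, but minted by a different provider.
const other = makeToken({ iss: 'https://other-op.example.net', aud: 'client-1', sub: 'alice' });

console.log(checkIdTokenClaims(good, ISSUER, 'client-1'));
console.log(checkIdTokenClaims(other, ISSUER, 'client-1'));
console.log(checkDiscoveryIssuer(ISSUER, { issuer: ISSUER + '/' }));
```

Without a configured issuer there is nothing to compare `iss` against, so the second token would be indistinguishable from the first on its claims alone.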