openid / AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
Apache License 2.0

Feature Request: Support OpenID Connect Token Validation #65

Open WilliamDenniss opened 6 years ago

WilliamDenniss commented 6 years ago

AppAuth for iOS recently added support for OpenID Connect ID Token validation (but not signature verification, electing to use the option allowed in the specification for not verifying signatures of ID Tokens received over TLS from the token endpoint).

This feature was added in two stages:

1/ Add support for 'nonce' on the authorization request

2/ Parse the ID Token (if any) and validate the fields according to OpenID Connect Core Section 3.1.3.7 (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).

With this feature in place, we were also then able to implement the OpenID Connect RP Certification test suite, which is now part of our test suite that runs on CI.
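The following is an added example, not part of the original comment and not AppAuth code: a sketch of the claim checks that remain once the rules listed above are excluded (rules 2, 3, 9, 10 and 11 of OpenID Connect Core Section 3.1.3.7, with rule 6 being the option that allows skipping signature verification). The function names, option names and the 600-second `iat` window are assumptions, and the sample token is constructed.

```javascript
// Added example: ID Token claim checks without signature verification.
// Appropriate only for tokens fetched from the token endpoint over TLS (rule 6).
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Hypothetical helper: returns the claims, or throws naming the failed rule.
function validateIdTokenClaims(idToken, opts) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed: expected 3 segments');
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    throw new Error('malformed: payload is not JSON');
  }
  if (claims === null || typeof claims !== 'object') {
    throw new Error('malformed: payload is not an object');
  }
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  const maxIatSkew = opts.maxIatSkewSeconds ?? 600; // assumed window

  // Rule 2: iss must exactly match the issuer the client is configured for.
  if (claims.iss !== opts.issuer) throw new Error('rule 2: iss mismatch');
  // Rule 3: aud (string or array) must contain this client's client_id.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(opts.clientId)) throw new Error('rule 3: aud mismatch');
  // Rule 9: current time must be before exp.
  if (typeof claims.exp !== 'number' || now >= claims.exp) {
    throw new Error('rule 9: token expired');
  }
  // Rule 10: reject tokens issued too far from the current time.
  if (typeof claims.iat !== 'number' || Math.abs(now - claims.iat) > maxIatSkew) {
    throw new Error('rule 10: iat outside window');
  }
  // Rule 11: if a nonce was sent in the request, the claim must match it.
  if (opts.nonce !== undefined && claims.nonce !== opts.nonce) {
    throw new Error('rule 11: nonce mismatch');
  }
  return claims;
}

// Constructed sample token for offline use; the third segment is a placeholder.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
```

Because no signature is checked, a function like this must never be applied to an ID Token that arrived through the browser redirect (front channel).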