If the authorization provider returns an iss field in the authorization response, it should be passed into the POST to /oidc and then into the openid-client callback. Fixes issue #441.
If iss is not in the authorization response, it still is sent to the /oidc endpoint but with its value null. If this should be filtered out of the payload on the client side, I will revise the commit.
If the authorization provider returns an
issfield in the authorization response, it should be passed into the POST to/oidcand then into theopenid-clientcallback. Fixes issue #441.If
issis not in the authorization response, it still is sent to the/oidcendpoint but with its value null. If this should be filtered out of the payload on the client side, I will revise the commit.