solid / solid-oidc

The repository for the Solid OIDC authentication specification.
https://solid.github.io/solid-oidc/
MIT License

Mistakes in the 12th step of the Request flow in the Solid-OIDC Primer #229

Closed lecoqlibre closed 8 months ago

lecoqlibre commented 8 months ago

Step 12 of the Request Flow seems to be mistaken.

Indeed, the description starts by saying "Using the kid value in the ID token" but there is no such kid value in the ID token (body). Shouldn't it be in the "ID token header" instead?

The title on the diagram talks about verifying the access token, but shouldn't it be about verifying the ID token instead?

Should I make a PR?

elf-pavlik commented 8 months ago

> Indeed, the description starts by saying "Using the kid value in the ID token" but there is no such kid value in the ID token (body). Shouldn't it be in the "ID token header" instead?

The current text doesn't specify payload or header; I think it assumes that one will refer to the JWS spec for those details. I'm wondering if we should add kid to the snippet in "19. Generates the id_token", matching the kid from "11. Requests JWKS".

> The title on the diagram talks about verifying the access token, but shouldn't it be about verifying the ID token instead?

You are right, the note in the diagram needs to be corrected.

> Should I make a PR?

Yes! Please

lecoqlibre commented 8 months ago

> The current text doesn't specify payload or header; I think it assumes that one will refer to the JWS spec for those details.

OK, we could maybe add a link to this specification?

> I'm wondering if we should add kid to the snippet in "19. Generates the id_token", matching the kid from "11. Requests JWKS".

I think that it can help as I looked exactly at this when reading the primer to try to implement. And the two steps do refer to the same user (Alice) and OP (https://secureauth.example).

elf-pavlik commented 8 months ago

fixed in #230
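
Added example, not part of the original thread or the primer's own code: a sketch of the key-selection part of the step discussed above, reading kid from the JOSE header (not the payload) and matching it against the JWKS obtained from the OP. The function names, kid values and key material are assumptions constructed for illustration, and signature verification itself is left to a JWT library.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWS segments are base64url without padding (RFC 7515), so restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_json(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def select_verification_key(id_token: str, jwks: dict) -> dict:
    """Return the JWK whose kid matches the kid in the token's JOSE header."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    header = json.loads(b64url_decode(parts[0]))
    # kid is read from the header segment, never from the payload claims.
    kid = header.get("kid") if isinstance(header, dict) else None
    if not isinstance(kid, str):
        raise ValueError("no kid in JOSE header")
    matches = [k for k in jwks.get("keys", []) if k.get("kid") == kid]
    if len(matches) != 1:
        raise LookupError(f"expected one JWKS key for kid, found {len(matches)}")
    key = matches[0]
    # Reject keys not meant for signatures or pinned to a different algorithm.
    if key.get("use", "sig") != "sig":
        raise LookupError("key is not a signing key")
    if "alg" in key and key["alg"] != header.get("alg"):
        raise LookupError("header alg does not match key alg")
    return key


# Constructed sample data: kid values and key material are placeholders.
JWKS = {"keys": [
    {"kty": "RSA", "kid": "key-2020", "use": "sig", "alg": "RS256", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "kid": "key-2021", "use": "sig", "alg": "RS256", "n": "placeholder", "e": "AQAB"},
]}
PAYLOAD = {"iss": "https://secureauth.example", "sub": "constructed-subject"}


def make_token(header: dict, payload: dict = PAYLOAD) -> str:
    # The signature segment is a dummy; this example stops before verification.
    return ".".join([b64url_json(header), b64url_json(payload), "c2ln"])


if __name__ == "__main__":
    token = make_token({"alg": "RS256", "kid": "key-2021"})
    print(select_verification_key(token, JWKS)["kid"])
```

The header is unauthenticated when kid is read, so the value is only used to pick among keys from the issuer's own JWKS; the token is trusted only after the signature verifies with the selected key.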