Adapt validation for authorization_endpoint, token_endpoint, device_authorization_endpoint

    • Server Security
    • Minor Change
    • v8.0, v7.0
    • Security 2024-05-13, Security 2024-05-27, Security 2024-06-10
    • 3

      When loading a new OIDC identity provider configuration, the server contacts the issuer's well-known URI to retrieve the discovery document. The discovery document may contain several endpoints such as the authorization_endpoint, issuer, token_endpoint, device_authorization_endpoint, and jwks_uri. Of these, the server only directly uses the issuer and jwks_uri, but it currently asserts that all of these endpoints are URLs starting with https://.

      Some IdPs supply URNs or other types of formats for the endpoints. The server should adapt its validation to also be able to handle these cases.
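An added sketch of the split this issue asks for, not the server's own code and not part of the original report: `issuer` and `jwks_uri` stay restricted to `https://`, while the endpoints the server does not use directly only need to be non-empty strings. That relaxed rule, the function names and the sample document are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Fields the issue says the server uses directly: always strict.
USED_DIRECTLY = ("issuer", "jwks_uri")
# Fields the server does not use itself: format may differ between IdPs.
NOT_USED = ("authorization_endpoint", "token_endpoint",
            "device_authorization_endpoint")


def is_https_url(value):
    """True only for an absolute https:// URL that has a host."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed host
        return False
    return parts.scheme == "https" and bool(parts.hostname)


def validate_discovery(doc, strict_all=False):
    """Return error strings; an empty list means the document is accepted.

    strict_all=True models the check the issue describes (every endpoint
    must be https://). The default is an assumed relaxed policy.
    """
    errors = []
    for field in USED_DIRECTLY:
        if not is_https_url(doc.get(field)):
            errors.append(f"{field}: must be an https:// URL")
    for field in NOT_USED:
        if field not in doc:
            continue
        value = doc[field]
        if strict_all and not is_https_url(value):
            errors.append(f"{field}: must be an https:// URL")
        elif not strict_all and not (isinstance(value, str) and value):
            errors.append(f"{field}: must be a non-empty string")
    return errors


# Constructed discovery document; the host and the URN are made up.
SAMPLE = {
    "issuer": "https://idp.example.com",
    "jwks_uri": "https://idp.example.com/keys",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "device_authorization_endpoint": "urn:example:idp:device-authorization",
}
```

With `strict_all=True` the sample is rejected because of the URN; with the default it loads, and a non-HTTPS `jwks_uri` is still refused in both modes.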

              Assignee:
              Varun Ravichandran
              Reporter:
              Varun Ravichandran