Hi,

Currently WSO2 Identity Server has an OpenID Connect implementation, but it was not fully compliant with the OpenID Connect specifications [1]. There are a couple of specifications, like Core, Discovery, Dynamic Registration, Session Management, etc. The OpenID Connect ID Token implementation comes under the Core specification [2].

Basically, the ID Token contains claims about the authentication of an end-user in a Base64-encoded manner. The ID Token is a JSON Web Token (JWT) and there should be some mandatory attributes according to this [3]. In the current implementation of WSO2 Identity Server there are some missing mandatory attributes, like:

- auth_time
- nonce
- at_hash
- acr
- amr

The effort is to include all these mandatory attributes and introduce signing and encryption for the ID Token. ID Tokens MUST be signed using JWS [4] and optionally both signed and then encrypted using JWS and JWE [5] respectively.

[1] http://openid.net/connect/
[2] http://openid.net/specs/openid-connect-core-1_0.html
[3] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
[4] https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31
[5] https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
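
An added example, not part of the original message and not WSO2 Identity Server code: a Python illustration of an ID Token carrying the claims listed in the message (auth_time, nonce, at_hash, acr, amr), signed as a JWS and then checked by a relying party. It assumes HS256 so that it runs on the standard library alone; the function names, issuer, client id, key and token values are constructed for the example.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def at_hash(access_token: str) -> str:
    # Left-most half of SHA-256 over the ASCII access token (hash matches HS256).
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def issue_id_token(key, iss, sub, aud, nonce, access_token, auth_time, acr, amr,
                   now=None, ttl=300):
    now = int(time.time()) if now is None else now
    claims = {"iss": iss, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl,
              "auth_time": auth_time, "nonce": nonce, "acr": acr, "amr": amr,
              "at_hash": at_hash(access_token)}
    parts = [b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))
             for obj in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_sign(key, signing_input))

def verify_id_token(token, key, iss, aud, nonce, access_token, now=None):
    """Relying-party checks; raises ValueError on any failure, returns the claims."""
    now = int(time.time()) if now is None else now
    h64, p64, s64 = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm: the token must not choose it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(key, f"{h64}.{p64}"), b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    audiences = claims.get("aud")
    audiences = [audiences] if isinstance(audiences, str) else (audiences or [])
    if claims.get("iss") != iss or aud not in audiences:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    if not hmac.compare_digest(str(claims.get("at_hash")).encode(),
                               at_hash(access_token).encode()):
        raise ValueError("at_hash does not match access token")
    return claims
```

The nonce check ties the token to the authentication request the client sent, and the at_hash check ties it to the access token delivered alongside it.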
