Skip to content

Feature Request: Support OpenID Connect Token Validation #375

Description

@WilliamDenniss

AppAuth for iOS recently added support for OpenID Connect ID Token validation (but not signature verification, electing to use the option allowed in the specification for not verifying signatures of ID Tokens received over TLS from the token endpoint).

This feature was added in two stages:
1/ Add support for 'nonce' on the authorization request
2/ Parse the ID Token (if any) and validate the fields according to OpenID Connect Core Section 3.1.3.7 (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).

With this feature in place, we were also then able to implement the OpenID Connect RP Certification test suite, which is now part of our test suite that runs on CI.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions