6. Metadata
Express something about:
Client (an unregistered one)
Provider
Schema similar to:
OpenID Connect Discovery Response describes a provider
OpenID Connect Dynamic Client registration request describes a client
Using JWS to sign and chain trust to a common root
20. OpenID Client requirements
A 100% vanilla OpenID Connect Core client should interoperate with an OIDC Fed Provider.
Restrictions on which parts of [Core] to use. Typically client authentication using private_key_jwt.
The client may want to filter / configure which OPs to trust. This can typically be added as a hook in the Discovery process.
Will need to host a well-known static document at the client hostname, pointing to a registry or other entity that issues a signed metadata statement about the client.
21. OpenID Provider requirements
A single hook in which to validate and discover OIDC client metadata.
Typically implemented in the client configuration store:
getClientConfig(String client_id)
getClientConfig('https://client.example.org')
Will need to publish a signed Metadata Statement along with the Provider config at the well-known location.
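
The provider-side hook and the JWS trust chaining described in these slides, as an added example (not code from the slides or from any OIDC Federation implementation). The claim names `sub`, `signing_key` and `metadata`, the two-link chain order, the `EdDSA` algorithm and the `registry.example.org` host are assumptions made for illustration; expiry and revocation checks are left out.

```javascript
// Added example: verify a chain of signed metadata statements (compact JWS)
// up to a pinned root key before accepting an unregistered client's metadata.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Sign a payload as a compact JWS using Ed25519 (alg "EdDSA").
function signJws(payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'EdDSA' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), privateKey))}`;
}

// Verify a compact JWS against a public JWK; returns the payload or throws.
function verifyJws(jws, jwk) {
  const [h, p, s] = jws.split('.');
  if (!h || !p || !s) throw new Error('malformed JWS');
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'EdDSA') throw new Error('unexpected alg');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  if (!crypto.verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url')))
    throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url'));
}

// Provider-side hook. chain[0] is signed by the root about the registry;
// the last statement is signed by the registry about the client (assumed layout).
function getClientConfig(clientId, chain, rootJwk) {
  let signerJwk = rootJwk;
  let claims;
  for (const jws of chain) {
    claims = verifyJws(jws, signerJwk);
    signerJwk = claims.signing_key; // the next link must verify under this subject's key
  }
  if (!claims || claims.sub !== clientId) throw new Error('statement is not about this client');
  return claims.metadata;
}

// Constructed sample data: root -> registry -> client.
const root = crypto.generateKeyPairSync('ed25519');
const registry = crypto.generateKeyPairSync('ed25519');
const rootJwk = root.publicKey.export({ format: 'jwk' });
const CLIENT_ID = 'https://client.example.org';
const sampleChain = [
  signJws({ sub: 'https://registry.example.org', signing_key: registry.publicKey.export({ format: 'jwk' }) }, root.privateKey),
  signJws({ sub: CLIENT_ID, metadata: { redirect_uris: [`${CLIENT_ID}/cb`], token_endpoint_auth_method: 'private_key_jwt' } }, registry.privateKey),
];
```

Calling `getClientConfig(CLIENT_ID, sampleChain, rootJwk)` returns the client metadata only when every link verifies and the final statement's subject equals the requested `client_id`.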