Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why is the client_metadata_endpoint required in the config response? #701

Open
togamid opened this issue Feb 17, 2025 · 1 comment
Open

Why is the client_metadata_endpoint required in the config response? #701

togamid opened this issue Feb 17, 2025 · 1 comment

Comments

@togamid
Copy link

togamid commented Feb 17, 2025

Currently, client_metadata_endpoint is a required field of the response of the config endpoint . However, an empty object is a valid response to this endpoint (definition here) and chromium even silently ignores a 404 response (the spec doesn't specify specific behavior for this case).

Why is client_metadata a required field if the IdP technically doesn't even need to implement an actual endpoint to get a working IdP?
@npm1
Copy link
Collaborator

npm1 commented Feb 18, 2025

Yea, this is a fair point. In practice we are treating the client metadata endpoint as optional. I think we could change the spec to make it so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@npm1 @togamid