OIDC dynamic registration policy ID

Cantor, Scott cantor.2 at osu.edu
Wed Apr 27 00:00:35 UTC 2022


On 4/26/22, 6:37 PM, "users on behalf of Wessel, Keith via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

> The policyId parameter of the OIDC dynamic registration endpoint in 4.2 says its value: "Identifies a
> metadata policy by means of an identifier that maps back to a matching/named RelyingParty override."

It should really say "matching", not "named". It's referring to the "id" attribute in the override. People often don't set them, but all of them can have a unique id.

> That partly makes sense: I can configure a different policy file for the OIDC registration profile in that relying
> party override.

It's a policy by reference where you authorize somebody to "connect" their registration request to that bean but you get to control the policy it uses, change it without re-issuing tokens, etc.

-- Scott



