Issuer validation by Tools in the Ref. Imp.

Forum:

Learning Tools Interoperability Public Forum

Issuer validation by Tools in the Ref. Imp.

Submitted by geoff-va on Tue, 15-Sep-2020 15:27.

I see the following in the 1EdTech Security Spec:

5.1.3 Authentication Response Validation

Tools MUST validate the ID Token in the token response in the following manner:

The Tool MUST Validate the signature of the ID Token according to JSON Web Signature [RFC7515], Section 5.2 using the Public Key from the Platform;

The Issuer Identifier for the Platform MUST exactly match the value of the iss (Issuer) Claim (therefore the Tool MUST previously have been made aware of this identifier);
...

When we create a tool in the reference implementation, we never fill out any information for a platform issuer.

Is this actually being validated in the reference implementation, or somehow done implicitly?

Thanks!

This page contains trademarks of the 1EdTech Consortium, including the 1EdTech logos, TrustEd Apps™, Learning Tools Interoperability (LTI)^®, LTI™,OneRoster^®, Caliper Analytics^®, Common Cartridge^®, Competencies and Academic Standards Exchange^® (CASE^®), Question and Test Interoperability^® (QTI^®), Accessible Portable Item Protocol^® (APIP^®), AccessForAll^®, BadgeConnect^®, and SensorAPI™.

For information on the 1EdTech trademark usage policy, see our trademark policy page.