Sharebar?

Issuer validation by Tools in the Ref. Imp.

Issuer validation by Tools in the Ref. Imp.

I see the following in the 1EdTech Security Spec:

5.1.3 Authentication Response Validation

Tools MUST validate the ID Token in the token response in the following manner:

The Tool MUST Validate the signature of the ID Token according to JSON Web Signature [RFC7515], Section 5.2 using the Public Key from the Platform;

The Issuer Identifier for the Platform MUST exactly match the value of the iss (Issuer) Claim (therefore the Tool MUST previously have been made aware of this identifier);
...

When we create a tool in the reference implementation, we never fill out any information for a platform issuer.

Is this actually being validated in the reference implementation, or somehow done implicitly?

Thanks!