Hi Justin, Hi all,

In the context of the draft-ietf-oauth-pop-key-distribution-01 update we
just ran into a question regarding key naming.

The Dynamic Client Registration Protocol defines these two parameters
that allow a client to upload a public key to the authorization server:

   jwks_uri
      URL referencing the client's JSON Web Key Set [JWK] document,
      which contains the client's public keys.  The value of this field
      MUST point to a valid JWK Set document.  These keys can be used by
      higher level protocols that use signing or encryption.  For
      instance, these keys might be used by some applications for
      validating signed requests made to the token endpoint when using
      JWTs for client authentication [OAuth.JWT].  Use of this parameter
      is preferred over the "jwks" parameter, as it allows for easier
      key rotation.  The "jwks_uri" and "jwks" parameters MUST NOT both
      be present in the same request or response.
   jwks
      Client's JSON Web Key Set [JWK] document value, which contains the
      client's public keys.  The value of this field MUST be a JSON
      object containing a valid JWK Set. These keys can be used by
      higher level protocols that use signing or encryption.  This
      parameter is intended to be used by clients that cannot use the
      "jwks_uri" parameter, such as native clients that cannot host
      public URLs.  The "jwks_uri" and "jwks" parameters MUST NOT both
      be present in the same request or response.

Now, the question is: how are these keys actually referenced? What do I
need to indicate to select a specific key when I want to use these keys?

Ciao
Hannes


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
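
The constraints in the two parameter definitions quoted in the message above, written as a server-side check. This is an added example, not part of the original message or of any draft; the function names and sample requests are assumptions, and the list of non-public JWK members comes from the JWK/JWA registries rather than from the quoted text.

```python
# Members that carry private or symmetric key material in a JWK.
# Assumption of this example: a registration must contain public keys only.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def check_jwk_set(jwks):
    """Return a list of problems found in an inline "jwks" value."""
    if not isinstance(jwks, dict):
        return ['"jwks" MUST be a JSON object, not a string or array']
    keys = jwks.get("keys")
    if not isinstance(keys, list):
        return ['JWK Set needs a "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict) or "kty" not in key:
            problems.append(f"keys[{i}]: not a JWK (missing kty)")
            continue
        leaked = sorted(PRIVATE_MEMBERS.intersection(key))
        if leaked:
            problems.append(f"keys[{i}]: non-public members {leaked}")
    return problems


def check_client_keys(metadata):
    """Return a list of problems with the key-related registration metadata."""
    problems = []
    has_uri = "jwks_uri" in metadata
    has_jwks = "jwks" in metadata
    if has_uri and has_jwks:
        problems.append('"jwks_uri" and "jwks" MUST NOT both be present')
    if has_uri and not isinstance(metadata["jwks_uri"], str):
        problems.append('"jwks_uri" must be a URL string')
    if has_jwks:
        problems.extend(check_jwk_set(metadata["jwks"]))
    return problems


# Constructed sample requests; key values are placeholders, not real keys.
PUB = {"kty": "EC", "crv": "P-256", "x": "placeholder", "y": "placeholder"}
GOOD = {"jwks": {"keys": [PUB]}}
BOTH = {"jwks": {"keys": [PUB]}, "jwks_uri": "https://client.example/jwks.json"}
LEAKY = {"jwks": {"keys": [dict(PUB, d="placeholder")]}}
AS_STRING = {"jwks": '{"keys": []}'}  # JWK Set sent as a string, not an object

if __name__ == "__main__":
    for name in ("GOOD", "BOTH", "LEAKY", "AS_STRING"):
        print(name, check_client_keys(globals()[name]))
```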
