Hi John, that's a good idea. However, the dynamic client registration should state that the "kid" parameter is used and must be included in the JWK (since the kid is an optional parameter).
The key name is then the 'kid' plus the client id since the value of the kid is not unique by itself. Ciao Hannes On 03/05/2015 12:54 PM, John Bradley wrote: > For signing authentication requests you include the keyid in the JWT, and the > AS looks in the JWKS to find the correct key if there is more than one. > > I don't think that is a problem > > What we probably need to do is pass a keyid in the request if there is more > than one signing key registered for the client. > > John B.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
