Right, but do we need to say that in Dyn-Reg? That's really more of a problem for the protocol using the keys, not the one registering it for use.

 -- Justin

On 3/5/2015 7:58 AM, John Bradley wrote:
I am ok with saying that the JWK must have keyid if there is more than one key 
and it SHOULD if there is only one.

Sent from my iPhone

On Mar 5, 2015, at 1:43 PM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:

Hi John,

that's a good idea. However, the dynamic client registration should
state that the "kid" parameter is used and must be included in the JWK
(since the kid is an optional parameter).

The key name is then the 'kid' plus the client id since the value of the
kid is not unique by itself.

Ciao
Hannes

On 03/05/2015 12:54 PM, John Bradley wrote:
For signing authentication requests you include the keyid in the JWT, and the 
AS looks in the JWKS to find the correct key if there is more than one.

I don't think that is a problem

What we probably need to do is pass a keyid in the request if there is more 
than one signing key registered for the client.

John B.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
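
An added example, not part of the original thread or of any draft text: a sketch of how an authorization server could enforce the rule discussed above at registration time and resolve a signing key by client id plus "kid". The class and function names and the sample JWK values are constructed for illustration.

```python
class JwksRegistrationError(ValueError):
    """Raised when a registered JWK Set cannot be used for unambiguous lookup."""

def validate_registered_jwks(jwks):
    """Require a unique, non-empty 'kid' on every key when more than one key is registered."""
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list) or not keys:
        raise JwksRegistrationError("JWK Set must contain at least one key")
    if len(keys) > 1:
        kids = [k.get("kid") for k in keys]
        if any(not isinstance(kid, str) or not kid for kid in kids):
            raise JwksRegistrationError("every key needs a 'kid' when several are registered")
        if len(set(kids)) != len(kids):
            raise JwksRegistrationError("duplicate 'kid' within one client's JWK Set")
    return keys

class ClientKeyStore:
    """Keys are scoped per client: the lookup name is (client_id, kid), never kid alone."""
    def __init__(self):
        self._by_client = {}

    def register(self, client_id, jwks):
        self._by_client[client_id] = validate_registered_jwks(jwks)

    def resolve(self, client_id, kid=None):
        keys = self._by_client.get(client_id)
        if keys is None:
            raise LookupError("unknown client")
        if kid is None:
            if len(keys) == 1:
                return keys[0]          # only one key registered, no ambiguity
            raise LookupError("'kid' required: client has several keys")
        for key in keys:
            if key.get("kid") == kid:
                return key
        raise LookupError("no key with that 'kid' for this client")

def build_sample_store():
    """Constructed sample data: two clients reuse kid '1' for different keys."""
    store = ClientKeyStore()
    store.register("client-a", {"keys": [
        {"kty": "EC", "crv": "P-256", "kid": "1", "x": "constructed-a1", "y": "constructed-a1"},
        {"kty": "EC", "crv": "P-256", "kid": "2", "x": "constructed-a2", "y": "constructed-a2"},
    ]})
    store.register("client-b", {"keys": [
        {"kty": "EC", "crv": "P-256", "kid": "1", "x": "constructed-b1", "y": "constructed-b1"},
    ]})
    return store
```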
