I like the idea of an encrypted JWT... I guess if there are multiple AS's, how would you know which key to use? Cycle through each key? Are you suggesting maybe use a non-encrypted JWT that contains an encrypted JWT as a value? Something like

{"iss": "https://example.com",
 "token": "fjbfgy5Fdx8ybx0.."
}

Are there any OAuth2 profiles to standardize this approach?

- Mike


--------------------------

Michael Schwartz
Gluu
Founder / CEO
m...@gluu.org

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
