Well that’s what I’m saying — we could have had restrictions within JWK (and 
maybe even a different syntax) that would guarantee a unique key ID, as well as 
ways to talk about it from the outside. 

 — Justin

> On Jan 15, 2020, at 3:53 PM, Vladimir Dzhuvinov <vladi...@connect2id.com> 
> wrote:
> 
> On 14/01/2020 04:25, Justin Richer wrote:
>> It would’ve been nice if JWK could’ve agreed on a URL-based addressing
>> format for individual keys within the set, but that ship’s sailed.
> 
> For querying / selecting JWKs from a set this would have been a useful
> addition to the spec.
> 
> But I don't see how such a URL can help us to identify a single JWK in
> a set, given the possibility to have multiple JWKs with the same "kid".
> 
> I.e. if we do "https://example.com/jwks.json?kid=xyz", there is no
> guarantee for a single key. Even if we add additional query params, like
> use, alg, etc, none of them guarantees a unique JWK identification.
> 
> I like the utility of that though.
> 
> Vladimir
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

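Added example, not part of the original messages: a Python sketch of the ambiguity discussed in the thread, where selecting by "kid" (even with "use" and "alg") can match several JWKs, so a consumer has to fail closed. The JWK Set, the function names and the use of the RFC 7638 thumbprint as a content-derived identifier are assumptions of this example, not something proposed in the thread.

```python
import base64
import hashlib
import json

# Constructed JWK Set: two distinct keys share kid "xyz".
# The key material is placeholder text, not valid curve points.
JWKS = {"keys": [
    {"kty": "EC", "kid": "xyz", "use": "sig", "alg": "ES256", "crv": "P-256",
     "x": "AAAA", "y": "BBBB"},
    {"kty": "EC", "kid": "xyz", "use": "sig", "alg": "ES256", "crv": "P-256",
     "x": "CCCC", "y": "DDDD"},
    {"kty": "oct", "kid": "abc", "use": "sig", "alg": "HS256", "k": "EEEE"},
]}

# Members that RFC 7638 hashes for each key type.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
            "oct": ("k", "kty")}


class KeySelectionError(Exception):
    """Zero or more than one JWK matched the selector."""


def select(jwks, **params):
    """Return every JWK whose members equal all given params (kid, use, alg)."""
    return [k for k in jwks["keys"]
            if all(k.get(name) == value for name, value in params.items())]


def select_one(jwks, **params):
    """Fail closed unless exactly one key matches."""
    matches = select(jwks, **params)
    if len(matches) != 1:
        raise KeySelectionError(f"{len(matches)} keys match {params}")
    return matches[0]


def thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint: derived from key material, not from kid."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
```
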