Hi, While implementing I found
Section 4.2 says htu: The *HTTP* target URI (Section 7.1 of [RFC9110]), without query and fragment parts, of the request to which the JWT is attached. While Section 4.3 says the htu claim matches the *HTTPS* URI value for the HTTP request in which the JWT was received, ignoring any query and fragment parts HTTP vs HTTPS cheers Dominick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
