The original JWK thumbprint RFC 7638 essentially describes the method
for composing the hash input from a JWK and that the output is base64url
encoded. SHA-256 is mentioned, but there is no default implied hash
function. This leaves it to applications / other specs to determine.
https://www.rf
The draft doesn’t specify which hash function is being used. I assume it is
SHA-256, but it should either say that is the only algorithm allowed or perhaps
encode the hash algorithm into the URI. Otherwise the value is ambiguous.
Using a (hash of a) public key as an identifier is an idea that h
I support publication of JWK Thumbprint URI specification.
Tim
From: OAuth on behalf of Kristina Yasuda
Date: Thursday, February 3, 2022 at 17:48
To: Vladimir Dzhuvinov , oauth@ietf.org
Subject: Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document
I support publication of JWK Thumbprint URI s
I support publication of JWK Thumbprint URI specification.
Kristina
From: OAuth On Behalf Of Vladimir Dzhuvinov
Sent: Wednesday, February 2, 2022 7:20 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document
+1 in support for a jkt URI RFC
Vladimir Dzhuvinov
On 02/02
