Re: [OAUTH-WG] End User Authentication using OAuth 2.0

2014-11-03 Thread John Bradley
Strictly speaking the JWT is signed by the "iss" identity provider's private key and validated by the client using the identity provider's public key. Though lots of documents talk about signing with "public keys" using the term more conceptually. You could say "signed by the private portion

Re: [OAUTH-WG] End User Authentication using OAuth 2.0

2014-11-03 Thread Antonio Sanso
Oops, sorry, forget about it… of course this is correct… For some reason I read "signed with the identity provider's public key" :) regards antonio On Nov 3, 2014, at 8:27 PM, Antonio Sanso wrote: > nice stuff Justin. > Little nitpicking: is it just me or does this sound a bit weird "signed by the > id

Re: [OAUTH-WG] End User Authentication using OAuth 2.0

2014-11-03 Thread Antonio Sanso
nice stuff Justin. Little nitpicking: is it just me or does this sound a bit weird "signed by the identity provider's public key"? regards antonio On Nov 3, 2014, at 5:30 AM, Justin Richer wrote: > As of earlier this evening, I've published the article that we've been > working on about dealing w

Re: [OAUTH-WG] End User Authentication using OAuth 2.0

2014-11-03 Thread Sergey Beryozkin
Hi Justin, On 03/11/14 04:30, Justin Richer wrote: As of earlier this evening, I've published the article that we've been working on about dealing with OAuth and end-user authentication. It's available here: http://oauth.net/articles/authentication/ Huge thanks to everyone who commented on the

[OAUTH-WG] End User Authentication using OAuth 2.0

2014-11-02 Thread Justin Richer
As of earlier this evening, I've published the article that we've been working on about dealing with OAuth and end-user authentication. It's available here: http://oauth.net/articles/authentication/ Huge thanks to everyone who commented on the text, both here on the list and last week at IIW.