Charset should be explicitly noted (Vladimir)
Issue #13
invalid
- I see that no particular charset for the resource contents referenced by the request_uri is mandated, and there is no mention that the web server should indicate the charset. I suppose this was meant to make JWT deployments / uploads easier. However, this may also lead to problems if the AS tries to validate the SHA-256 hash and doesn't know what charset was used (is anyone actually expected to be validating the fragment if present?) JWT (RFC 7519) is explicit on UTF-8 though.
Comments (2)
-
reporter -
reporter - changed status to invalid
I thought of adding a note, but it would really be duplicating the requirements of request object and probably redundant.
- Log in to comment
Actually, since the content of the request_uri MUST be a request object, which MUST be a JWT, which MUST be UTF-8, it is UTF-8.
I can still put a note though.