1. Nat Sakimura Avatar Nat Sakimura
  2. Untitled project
  3. oauth-jwsreq
  4. Issues

Section 3, it is unclear whether the Request Object can be a JWE only or if a JWS is always used

Issue #8 resolved
Nat Sakimura repo owner created an issue

From the wording in Section 3, it is unclear whether the Request Object can be a JWE only or if a JWS is always used (with alg:none for unsigned) and is nested within a JWE when encryption but not singing is needed. To my reading there is text that suggest both cases. Which is it? I think some clarification is needed around this. (Brian Campbell)

The intent is that it can be:

  • JWS only
  • JWE only
  • JWSed then JWEed.

The editor tried to reconstruct the section to clarify it. Please see -07 to find out if it worked. A concrete text would be appreciated.

Comments (1)

  2. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Votes
0
Watchers
0
Jira: the preferred issue tracker for Bitbucket. Join the team!