BK Comments 6
Issue #89
wontfix
Section 6.2
The Authorization Server MUST perform the signature validation of the JSON Web Signature [RFC7515] signed request object. For this, the alg Header Parameter in its JOSE Header MUST match the value of the pre-registered algorithm. The signature MUST be validated against the appropriate key for that client_id and algorithm.
Does "the pre-registered algorithm" concept exist in the specs outside of draft-ietf-oauth-jwt-bcp?
Comments (3)
- reporter -
- reporter - edited description
- assigned issue to
- reporter - changed status to wontfix
Yes. RFC7591 combined with some of the OAuth Dynamic Client Registration Metadata registry forms the concept. RFC7591 allows clients to register the claims that are in the OAuth Dynamic Client Registration Metadata registry. The registry has
besides others.
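The Section 6.2 check quoted in this issue, as an added sketch that is not part of the issue or the specification: the server takes the algorithm from the client's registration record, never from the token, and only then verifies the signature. The client record, secret and function names are constructed for illustration, the metadata name `request_object_signing_alg` is an assumption (the page does not name it), and only HS256 is implemented.

```python
import base64, hashlib, hmac, json

# Constructed registration record (hypothetical client and secret).
# request_object_signing_alg is an assumed metadata name, not quoted from the page.
CLIENTS = {"demo-client": {"request_object_signing_alg": "HS256",
                           "client_secret": b"constructed-demo-secret"}}

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(header, claims, key):
    """Client side: build a compact JWS, used here only to construct sample input."""
    parts = [b64u_encode(json.dumps(x).encode()) for x in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u_encode(sig)

def validate_request_object(client_id, jws):
    """Server side: return the claims, or raise ValueError on any failure."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise ValueError("unknown client_id")
    h64, p64, s64 = jws.split(".")          # ValueError unless exactly 3 parts
    header = json.loads(b64u_decode(h64))   # decode errors are ValueErrors too
    registered = client["request_object_signing_alg"]
    # The header's alg is only compared against the registered value;
    # it never selects the verification routine or the key.
    if not isinstance(header, dict) or header.get("alg") != registered:
        raise ValueError("alg does not match the pre-registered algorithm")
    if registered != "HS256":
        raise ValueError("algorithm not implemented in this sketch")
    expected = hmac.new(client["client_secret"], f"{h64}.{p64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(s64)):
        raise ValueError("signature verification failed")
    return json.loads(b64u_decode(p64))
```
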