Multi-usage type key ok?

Issue #1172 resolved
Nat Sakimura created an issue

There was a question posted in OAUTH-WG regarding PAR on May 12.

Also, I have a question about using JWT for initial request registration. I'm enforcing default asymmetric authentication (private_key_jwt, and mTLS (not implemented yet)) with restricted encryption algorithms. If I use the private key of the client to sign the JWT request registration, and use client_assertion, it sounds to me like using the same key for multiple purposes.

Do we want to give some guidance on it?

Comments (3)

  1. Michael Jones

    On the 4-Jun-20 call, we didn’t see an actual problem with this key usage. In both cases, it’s the client signing the requests for the same purpose.
