[Federation] Explicitly type JWTs returned from the resolve endpoint
This is the only OIDC Federation 1.0 related token that remains untyped.
Proposal: application/trust-chain+jwt
(as “typ” JWT header becomes trust-chain+jwt
)
Comments (7)
-
-
reporter Another possible variant:
application/entity-resolve-response+jwt
.So that it aligns with
application/entity-statement+jwt
. -
Well, if we agree it would be time for a PR
I’m ok with
application/resolve-response+jwt
-
considering that
application/entity-statement+jwt
doesn’t specify if it’s intended for request or response, we know that the http request to the fetch endpoint doesn’t have this information I’m wondering to have the same approach also in the response mime typeso, I’m also considering
application/entity-resolve+jwt
-
-
assigned issue to
On the 2-Sep-22 Federation Editor’s call, we agreed to define and use “application/resolve-response+jwt“.
-
assigned issue to
-
-
- changed status to resolved
- Log in to comment
nice hint, however the resolve response is not a trust chain but a jwt that may contain optionally a trust chain.
application/federation-resolve+jwt
seems more familiar to me