JARM JWE-only language is not consistent with JARM
Issue #1863
resolved
The current extension of JARM to use JWE only (with no JWS) is not consistent with the JARM spec. We should omit iss, aud an exp in the JWT Claims Set if only JWE was used. Furthermore, processing rules defined in JARM regarding JWS and these claims don’t apply.
Comments (4)
-
reporter -
reporter `iss`,
aud
andexp
don’t really have value if JWE only is used. We should make: iss, aud and exp optional and explicitly state which processing rules defined in JARM don’t apply for those claims and for checking the JWS signature. -
reporter - changed status to resolved
resolved by merging https://bitbucket.org/openid/connect/pull-requests/478
-
PR merged.
- Log in to comment
Updated:
PR is here https://bitbucket.org/openid/connect/pull-requests/478