Registration - 2.1 jwk_encryption_url def wrong
Issue #472
resolved
jwk_encryption_url mentions that it is used for signing of token endpoint, but it is for encryption.
Also, signing or encrypting an endpoint does not make sense. It needs to be either the request or response.
Comments (7)
reporter - changed status to resolved
- changed status to new
The current definition is wrong.
OPTIONAL. URL for the Client's JSON Web Key [JWK], used for JWE [JWE] encryption of Token Endpoint Response.
The Token Endpoint currently does not return encrypted responses. I think it should be written more like the x509_encryption_url definition:
OPTIONAL. URL for the Client's JSON Web Key [JWK], used for JWE [JWE] encryption of JWT [JWT] to the Client. If the client registers both jwk_encryption_url and x509_encryption_url the keys contained in both formats SHOULD be the same.
Changed "encryption of Token Endpoint Response." to "encryption of ID Token and User Info Endpoint Responses to the Client." for another ticket. Will add missing text about keys matching.
re #472 add text about jwk and x5u keys matching
- changed status to resolved
John has already fixed this as part of another ticket