openid / connect / issues / #583 - Messages 2.2.1: client auth claims not consistent with draft-jones-oauth-jwt-bearer-04 — Bitbucket

Issue #583 invalid

Vladimir Dzhuvinov created an issue 2012-05-10

In particular:

OpenID Connect Messages lists "jti" as required whereas draft-jones-oauth-jwt-bearer-04 says it's optional.
OpenID Connect Messages doesn't mention "nbf" claim.

Comments (2)

Michael Jones
- changed status to invalid
OpenID Connect needs "jti" for message de-duplication for one-time use assertions, so it's reasonable to make it required in this case.

It doesn't need the "nbf" not-before functionality, and it's optional in JWT and the OAuth JWT profile, so we don't need to say anything about it in OpenID Connect.
- 2012-05-11T00:06:53+00:00
Vladimir Dzhuvinov reporter
Thank you Michael for clarifying this!
- 2012-05-11T08:07:14+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!