openid / connect / issues / #820 - Messages/Registration preclude a client who wants encrypted content but doesn't sign? — Bitbucket

Issue #820 resolved

Brian Campbell created an issue 2013-03-28

Wouldn't it be reasonable to think that some clients would want encrypted id tokens sent to them but would not sign requests? I'd think so. But the wording for jwks_uri for clients at http://openid.net/specs/openid-connect-messages-1_0-16.html#sigenc.key would seem to preclude that (for asymmetric anyway).

Same/similar text is in http://openid.net/specs/openid-connect-registration-1_0.html#client-metadata for jwks_uri

Comments (2)

Michael Jones
- changed milestone to Implementer's Draft
- assigned issue to
  
  Michael Jones
We will relax the language to not require the client to have a signing key present.
- 2013-03-28T14:19:40+00:00
Michael Jones
- changed status to resolved
Fixed ~~#820~~ - Removed assumption that Clients that want encrypted responses also sign requests.

→ <<cset a5daeae04cbb>>
- 2013-05-03T01:37:05+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Messages

Milestone: Implementer's Draft

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!