Messages - Don't use x5u or jku header fields in ID Tokens

Issue #831 resolved
Michael Jones
created an issue

Per discussions on the list, we agreed to say that ID Tokens must not use the x5u or jku header fields. (We are communicating keys via discovery and registration instead.)

Comments (1)

  1. Michael Jones reporter

    Fixed #831 - Stated that JWS and JWE header parameters used to communicate key values and key references should not be used in ID Tokens, since these are communicated in advance using Discovery and Registration parameters.

    → <<cset edbbc7c9e7e6>>

  2. Log in to comment