Messages - Don't use x5u or jku header fields in ID Tokens

Issue #831 resolved
Michael Jones created an issue

Per discussions on the list, we agreed to say that ID Tokens must not use the x5u or jku header fields. (We are communicating keys via discovery and registration instead.)

Comments (1)

  1. Michael Jones reporter

    Fixed #831 - Stated that JWS and JWE header parameters used to communicate key values and key references should not be used in ID Tokens, since these are communicated in advance using Discovery and Registration parameters.

    → <<cset 8228cb31a10b>>

  2. Log in to comment