-
assigned issue to
Error in JWT claim definitions for client authentication
Issue #982
resolved
In the definitions of client_secret_jwt and private_key_jwt, the exp claim is defined as:
exp REQUIRED. Expiration time on or after which the ID Token MUST NOT be accepted for processing.
These should likely both say “the JWT MUST NOT” instead of “the ID Token MUST NOT”.
Comments (3)
-
-
- changed status to open
WG agreed in the call Sept. 14, 2015
-
- changed status to resolved
Fixed
#982- Error in JWT claim definitions for client authentication→ <<cset 21b9379429e1>>
- Log in to comment
Agreed - this is a fix we should make.