openid / fapi / issues / #606 - Address concerns related to JWT — Bitbucket

Issue #606 new

Victor Lu created an issue 2023-06-14

https://news.ycombinator.com/item?id=16159301

‌

Comments (3)

Nat Sakimura
This kind of question comes up every now and then.

Creating a FAQ on the use of JWT is a good idea.

Perhaps Oauth.net has one?

Brian has a movie https://www.youtube.com/watch?v=IgKRGS6cQWw on the topic.

Perhaps documenting on what OpenID does only? e.g., ID Token, JAR, JARM, Signed Introspection response.
- 2023-06-28T14:14:11+00:00
Nat Sakimura
- changed status to new
- 2023-06-28T14:17:03+00:00
Brian Campbell
A bit more context - that “movie” is recording of the “JWT or Not: Personally Insecure Reflections on Software (In)Security” session at the Identiverse conference last year.

‌
- 2023-06-28T14:48:04+00:00
Log in to comment

Assignee: –

Type: task

Priority: minor

Status: new

Component: Implementation & Deployment Advice

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!