CIBA: Require presence of jwks_uri conditionally

Issue #112 resolved
Takahiko Kawasaki created an issue

Page 6 of the 6th draft (draft-mobile-client-initiated-backchannel-authentication-06) says:

it MUST check if a valid "jwks_uri" is set when the backchannel request grant type is present

Because OpenID Provider implementations don't always support "pairwise", it will be better to add a condition like

if the OpenID Provider supports "pairwise"

Comments (7)

  1. Brian Campbell

    I think the condition is also qualified by if the client is registering with subject_type of pairwise.

    But isn't it already qualified by the fact that it's in a section that's dedicated to discussing pairwise identifiers?

  2. Brian Campbell

    The whole section maybe needs to be updated to reflect the 3 modes now. I think it all applies to both poll and ping.

  3. Dave Tonge

    Yep - we need an update. Because ping mode clients can also just poll, we need the same requirements around client auth.

  4. Brian Campbell

    Discussed during the Nov 13 MODRNA WG call and there was general consensus to clarify and update the section in question.

  5. Brian Campbell

    Updated pull request #43 (which is now for this issue as well as for issue #72) with text that attempts to clarify things around PPIDs, metadata and the various modes.
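
The conditional check discussed in this thread, written out as an added example (it is not text from the draft or from pull request #43): jwks_uri is demanded only when the client registers the CIBA grant type, the OP supports pairwise, and the client's subject_type is pairwise. The function names and the definition of a "valid" jwks_uri (absolute https URL) are assumptions made for this sketch; the metadata keys are the standard OpenID Connect ones.

```python
from urllib.parse import urlsplit

CIBA_GRANT_TYPE = "urn:openid:params:grant-type:ciba"


def is_valid_jwks_uri(value):
    # Assumption: "valid" means an absolute https URL with a host and no fragment.
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname) and not parts.fragment


def jwks_uri_required(op_metadata, client_metadata):
    # All three qualifiers raised in the thread must hold. Pass the client's
    # effective subject_type, i.e. after the OP has applied its own default.
    uses_ciba = CIBA_GRANT_TYPE in client_metadata.get("grant_types", [])
    op_pairwise = "pairwise" in op_metadata.get("subject_types_supported", [])
    client_pairwise = client_metadata.get("subject_type") == "pairwise"
    return uses_ciba and op_pairwise and client_pairwise


def check_registration(op_metadata, client_metadata):
    """Return a list of registration errors; an empty list means accept."""
    jwks_uri = client_metadata.get("jwks_uri")
    if jwks_uri is None:
        if jwks_uri_required(op_metadata, client_metadata):
            return ["jwks_uri is required for a pairwise CIBA client"]
        return []
    # A jwks_uri that is present is validated whether or not it was required.
    if not is_valid_jwks_uri(jwks_uri):
        return ["jwks_uri must be an absolute https URL"]
    return []


if __name__ == "__main__":
    # Constructed sample metadata, not taken from any real deployment.
    op = {"subject_types_supported": ["public", "pairwise"]}
    client = {"grant_types": [CIBA_GRANT_TYPE], "subject_type": "pairwise"}
    print(check_registration(op, client))
    client["jwks_uri"] = "https://client.example/jwks.json"
    print(check_registration(op, client))
```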
