Retrieving the TLS cert to be bound to the token #183
Comments
Are you talking about access tokens obtained from the token endpoint? As per https://tools.ietf.org/html/rfc8705 the token should be bound to the certificate presented at the token endpoint. All the relevant vendors already implement this as it's part of a FAPI-RW, it's not unique to CDR.
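The binding described in the comment above, as an added example that is not code from this thread or from the CDR standards: RFC 8705 section 3.1 puts the base64url SHA-256 thumbprint of the client's DER certificate into the token's `cnf` claim as `x5t#S256`, and the resource server recomputes it from the certificate on the current TLS connection. The certificate bytes are constructed stand-ins, and `bind_token` and `is_bound_to` are hypothetical helper names.

```python
import base64
import hashlib
import hmac


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armor (e.g. a cert forwarded by a TLS-terminating proxy) to DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = [ln for ln in lines if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 section 3.1: base64url(SHA-256(DER certificate)), padding removed."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token(claims: dict, client_cert_der: bytes) -> dict:
    """Token endpoint (hypothetical helper): bind to the cert seen on this connection."""
    bound = dict(claims)
    bound["cnf"] = {"x5t#S256": x5t_s256(client_cert_der)}
    return bound


def is_bound_to(claims: dict, presented_cert_der: bytes) -> bool:
    """Resource server (hypothetical helper): accept only the holder of the bound cert."""
    expected = (claims.get("cnf") or {}).get("x5t#S256")
    if not isinstance(expected, str):
        return False  # an unbound token must not pass on an mTLS-protected API
    actual = x5t_s256(presented_cert_der)
    return hmac.compare_digest(expected.encode("utf-8"), actual.encode("ascii"))


# Constructed stand-ins for DER certificates (not real X.509 data). In a real
# server the bytes come from the TLS layer, e.g. getpeercert(binary_form=True).
CERT_A = b"0\x82constructed-client-cert-A"
CERT_B = b"0\x82constructed-client-cert-B"
PEM_A = ("-----BEGIN CERTIFICATE-----\n"
         + base64.b64encode(CERT_A).decode("ascii")
         + "\n-----END CERTIFICATE-----\n")

# Constructed claims; the cert arrives at the token endpoint on the TLS
# connection itself, so no JWKS lookup by kid is involved in the binding.
TOKEN = bind_token({"sub": "constructed-subject"}, pem_to_der(PEM_A))

if __name__ == "__main__":
    print("cnf:", TOKEN["cnf"])
    print("same cert accepted:", is_bound_to(TOKEN, CERT_A))
    print("other cert accepted:", is_bound_to(TOKEN, CERT_B))
```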
Hi @SachiniSiriwardene, in addition to @jogu's comments, can you please clarify the issue you're trying to resolve with the question "is there a recommended format for the published jwks endpoint of the DR?"
I was under the impression that the TLS cert will have to be obtained through the respective jwks endpoint of the ADR. Hence the question regarding the format of the jwks. @jogu thanks for the advice. I assume that the TLS cert then can be obtained from the request itself. I was in doubt about this since the method of authentication to the token endpoint in CDR is mentioned as pvt_key jwt.
Hi @SachiniSiriwardene, the relevant normative standard is RFC 7517 - JSON Web Key (JWK). There are further details in the Dynamic Client Registration section of the CDR Register.
This issue has been closed as per the Data Standards Maintenance process. No further questions or comments have been received since an answer was provided.
Request For Clarification
This query was initially raised in https://github.com/cdr-register/register/issues/56.
Raising it here again since an adequate response was not received.
How is the value for the KID computed in the JWKS? Is there any standard that should be followed?
Need to clarify this since the kid value is needed to obtain the TLS certificate in order to bind it to the token. (Holder of Key)
Also, is there a recommended format for the published jwks endpoint of the DR?