You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue
It is unclear whether JWT shall be or may be signed.
The profile says JWT token shall be signed as specified in JSON Web Signature [RFC7515], which would require the use of JWS, but the next sentence starts with If signed. The first sentence could then be understood as "If signed, one must follow RFC7515" (i.e. a restriction on the signature method, and not an unconditional requirement).
Proposed Change
N/A
Priority:
N/A
The text was updated successfully, but these errors were encountered:
Section Number 3.71.4.2.2.1
Issue
It is unclear whether JWT shall be or may be signed.
The profile says JWT token shall be signed as specified in JSON Web Signature [RFC7515], which would require the use of JWS, but the next sentence starts with If signed. The first sentence could then be understood as "If signed, one must follow RFC7515" (i.e. a restriction on the signature method, and not an unconditional requirement).
Proposed Change
N/A
Priority:
N/A
The text was updated successfully, but these errors were encountered: