In the first JWT, it looks like `"jti": "nonce"` should be `"jti": "challenge from Sec-Session-Challenge header"`.
`"key":"public key"` is vague. Perhaps use a `jwk`?
Why is the session ID not in the first JWT as a `sub`?
Why is the second JWT different? Could it not be the same?
It looks like you are intentionally not having an `iss` claim; clarify that it should not be included, as well as what else should not be included. This then leads to describing the JWT verification steps the server should follow.