-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define and add crit
JWT claim to issuer-signed JWT
#155
Comments
I think this makes sense. I'd like to hear what @bc-pi thinks about this. (Internal note: As discussed, we need to note that |
For better or worse Off hand, this feels like the kind of thing (what claims are required and what meaning they have security related or otherwise) that would be a part of a particular 'type' (or whatever it might end up being named) definition. Or future security-related things could also be placed in the JWS header and use the |
Thanks! It seems that for now, we should rely on the types to define such things. |
Agree with @bc-pi, verifiers will need to look at the particular |
TIL that OpenID Federation has aspirations for a |
I agree with Brian that it's too late to define a |
There's a nuance missing in the discussion above. Looking at the |
I also added some thoughts in this issue #192 since this one is closed. I like the idea of having something like |
To make sure that implementers can provide proper tooling to allow others to develop use cases, without prior knowledge of future security-related JWT claims, we should use
crit
claim to allow an issuer to indicate which of the JWT claims a verifier has to process or validate.The text was updated successfully, but these errors were encountered: