Trust domain/audience claim format URI or StringOrUri? #66
Comments
obfuscoder
pushed a commit
to obfuscoder/oauth-transaction-tokens
that referenced
this issue
Jan 30, 2024
obfuscoder
pushed a commit
to obfuscoder/oauth-transaction-tokens
that referenced
this issue
Jan 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the Terminology section, the Trust Domain value is being defined and referenced in the aud claim as universal resource identifier. It should be spelled Universal Resource Identifier and a reference to RFC3986 should be added.
However, later in the document, the aud claim value is specified as defined in RFC7519. This RFC defines the aud claim as "StringOrURI". The different passages should be aligned.
Furthermore, the examples for the aud claim values should be aligned accordingly. In section Txn-Token Request the POST request example to the token service uses:
&audience=http%3A%2F%2Ftrust-domain.exampleIf an URI is used, I suggest to use 'https' instead of 'http'.
Later the JWT body example of the Txn-Token just uses a string:
"aud": "trust-domain.example",The text was updated successfully, but these errors were encountered: