[Openid-specs-ab] token_endpoint_auth_algs_supported is only for asymmetric?
bcampbell at pingidentity.com
Thu Oct 11 12:52:07 UTC 2012
On Wed, Oct 10, 2012 at 5:26 PM, John Bradley <ve7jtb at ve7jtb.com> wrote:
> It is intended to cover all of the algs for both symmetric and asymmetric.
> Somehow that got lost in one of the edits. I have fixed it to clarify
> that it is for both.
> John B.
> On 2012-10-10, at 3:01 PM, Brian Campbell <bcampbell at pingidentity.com>
> I just noticed that the Provider Configuration Response in Discovery*
> defines token_endpoint_auth_algs_supported as "A JSON array containing a
> list of the JWS signing algorithms [JWA] supported by the Token Endpoint
> for the private_key_jwt method to encode the JWT [JWT]. Servers SHOULD
> support RS256."
> Was that intended to only cover the private_key_jwt asymmetric algorithms?
> What about algorithms for client_secret_jwt? I didn't see anything about
> the supported MAC algorithms client_secret_jwt. Is that an accidental
> omission or is there some reason it's not there that I'm missing?
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab