[Openid-specs-ab] Issue #982: Error in JWT claim definitions for client authentication (openid/connect)

Justin Richer issues-reply at bitbucket.org
Tue Sep 8 11:11:27 UTC 2015


New issue 982: Error in JWT claim definitions for client authentication
https://bitbucket.org/openid/connect/issues/982/error-in-jwt-claim-definitions-for-client

Justin Richer:

In the definitions of client_secret_jwt and private_key_jwt, the exp claim is defined as:

exp
  REQUIRED. Expiration time on or after which the ID Token MUST NOT be accepted for processing.

These should likely both say “the JWT MUST NOT” instead of “the ID Token MUST NOT”. 




More information about the Openid-specs-ab mailing list