[Openid-specs-ab] Aggregated and Distributed Claims

Torsten Lodderstedt torsten at lodderstedt.net
Mon Mar 4 15:38:34 UTC 2019

Hi all, 

I just worked my way through section 5.6.2 of the OpenID Connect Core spec and I'm wondering how an RP is supposed to check the signature of a nested JWT containing aggregated claims. There is no text that the JWT must contain an "iss" claim that could be used to obtain the other claims provider’s JWKS URI.

What is the assumption of the spec on how signature validation should work?

kind regards,