[Openid-specs-ab] Aggregated and Distributed Claims
torsten at lodderstedt.net
Mon Mar 4 15:38:34 UTC 2019
I just worked my way through section 5.6.2 of the OpenID Connect Core spec and I'm wondering how an RP is supposed to check the signature of a nested JWT containing aggregated claims. There is no text stating that the JWT must contain an "iss" claim that could be used to obtain the other claims provider's JWKS URI.
What is the assumption of the spec about how signature validation should work?