[Openid-specs-ab] Issue #1066: Core 5.6.2. Aggregated and Distributed Claims text lacks guidance on signature validation (openid/connect)

Torsten Lodderstedt issues-reply at bitbucket.org
Sat Mar 9 11:53:31 UTC 2019


New issue 1066: Core 5.6.2. Aggregated and Distributed Claims text lacks guidance on signature validation
https://bitbucket.org/openid/connect/issues/1066/core-562-aggregated-and-distributed-claims

Torsten Lodderstedt:

Section 5.6.2 of the OpenID Connect Core spec does not specify how the RP is supposed to check the signature of a nested JWT containing aggregated claims. 

Based on a discussion on the list, I suggest adding text that the JWT SHOULD contain an iss claim which is used to obtain the other claims provider’s JWKS URI.
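An added example (not part of the original message or of the OpenID Connect specification) of the key-selection step the suggestion implies: the RP reads iss from each aggregated-claims JWT and uses it only to pick a key set it already trusts. The pinned issuer-to-JWKS map, the example.com URLs and the function names are assumptions made for illustration.

```python
import base64
import json

# Assumption: the RP pins a JWKS URI per trusted claims provider (hypothetical values).
TRUSTED_CLAIMS_PROVIDERS = {"https://claims.example.com": "https://claims.example.com/jwks.json"}

def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode_segment(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_jwt(header, payload):
    """Build a constructed sample JWT; the signature segment is a placeholder."""
    return ".".join([_encode_segment(header), _encode_segment(payload), "c2ln"])

def key_sources_for_aggregated_claims(userinfo):
    """Return, per aggregated claim source, the issuer, JWKS URI and kid to verify with.

    iss comes from a not-yet-verified payload, so it only selects a key set
    the RP already trusts; a missing or unknown issuer is rejected.
    """
    selected = {}
    for name, source in userinfo.get("_claim_sources", {}).items():
        jwt = source.get("JWT")
        if jwt is None:
            continue  # distributed claims (endpoint/access_token) are out of scope here
        parts = jwt.split(".")
        if len(parts) != 3:
            raise ValueError(f"{name}: not a compact JWS")
        header, payload = _decode_segment(parts[0]), _decode_segment(parts[1])
        if str(header.get("alg", "none")).lower() == "none":
            raise ValueError(f"{name}: unsigned JWT")
        iss = payload.get("iss")
        if not isinstance(iss, str) or iss not in TRUSTED_CLAIMS_PROVIDERS:
            raise ValueError(f"{name}: missing or untrusted iss {iss!r}")
        selected[name] = {"iss": iss, "jwks_uri": TRUSTED_CLAIMS_PROVIDERS[iss],
                          "kid": header.get("kid")}
    return selected

# Constructed UserInfo response in the Core 5.6.2 layout.
SAMPLE_USERINFO = {
    "sub": "248289761001",
    "_claim_names": {"address": "src1", "credit_score": "src2"},
    "_claim_sources": {
        "src1": {"JWT": make_sample_jwt({"alg": "RS256", "kid": "k1"},
                                        {"iss": "https://claims.example.com", "address": {}})},
        "src2": {"endpoint": "https://bank.example.com/claim_source"},
    },
}
```

The signature itself is then verified with a JOSE library against the keys fetched from the selected jwks_uri; the claims are used only after that check passes.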



