[Openid-specs-fapi] JWT Secured Authorization Response Mode (#155)

Vladimir Dzhuvinov vladimir at connect2id.com
Sat Aug 18 08:09:51 UTC 2018

Do we also want to cover the hybrid OIDC flows? And if we do, could
there be implications with having the state in an encrypted JWT?

Other than that I don't see why having the state in an encrypted JWT
wouldn't work.

One of my original concerns was that validation of the signed JWTs
becomes a bit more complicated and some libs may not readily support
this, i.e. use JWT claims as inputs to the validation. But this is
mostly an implementation issue.


On 17/08/18 20:24, Brian Campbell via Openid-specs-fapi wrote:
> Yeah, I think that captures the general processing flow.
> On Fri, Aug 17, 2018 at 8:50 AM Torsten Lodderstedt <torsten at lodderstedt.net>
> wrote:
>> Hi Brian,
>>> Am 17.08.2018 um 15:39 schrieb Brian Campbell <
>> bcampbell at pingidentity.com>:
>>> Good point. OIDC Core (
>> http://openid.net/specs/openid-connect-core-1_0.html#Security) does not
>> discuss this attack angle. From your perspective, what is the typical way
>> to detect crafted/modified ID Tokens in the id_token flow?
>>>  Checking the signature. But if the issuer isn't known or expected,
>> don't go trying to find keys for it, just reject the token.
>> I would like to summarize the discussion regarding handling of state value
>> and response processing.
>> From what I understand, the processing would work as follows (assuming the
>> "state" is carried in the JWT):
>> 1) decrypt JWT using the client's private key - the key is determined by
>> the "kid" header parameter
>> 2) obtain "state" from JWT
>> 3) check binding of state value to user agent, if check fails - abort
>> processing
>> 4) obtain "iss" from JWT
>> 5) check whether "iss" is known and expected ("aud" could be checked in
>> this step as well), if not abort processing
>> 6) obtain signing key based on "iss" and "kid"
>> 7) check signature, if signature validation fails - abort processing
>> 8) use response parameters
>> Does this capture your thoughts correctly?
>> Kind regards,
>> Torsten.
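The processing order summarised in the quoted steps, as an added Python example that is not part of the thread or any FAPI implementation: it assumes a constructed issuer registry keyed by (iss, kid) holding HS256 secrets in place of a JWKS lookup, a constructed client_id as the expected "aud", and that the JWE decryption of step 1 has already been performed by a library, so only the inner signed JWT is handled here.

```python
import base64, hashlib, hmac, json

# Constructed registry of trusted issuers: (iss, kid) -> verification key.
# A real client would resolve an RSA/EC public key from the issuer's JWKS;
# HS256 is used here only to keep the example dependency-free.
KNOWN_ISSUERS = {("https://as.example", "k1"): b"constructed-shared-secret"}
CLIENT_ID = "client-123"  # constructed client_id, i.e. the expected "aud"

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_jarm_response(claims, kid, key):
    """Build an HS256 JWS carrying authorization response claims (test helper)."""
    header = {"alg": "HS256", "kid": kid}
    parts = [_b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts) + "." + _b64url_encode(sig)

def process_jarm_response(jws, expected_state):
    """Return the response parameters or raise ValueError, in the order the
    thread settles on: state binding -> iss/aud known -> key -> signature.
    Step 1 (JWE decryption of the outer layer) is assumed already done."""
    try:
        h_b64, p_b64, s_b64 = jws.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
    except ValueError:
        raise ValueError("malformed JWT")
    # Steps 2-3: state is bound to the user agent's session, so it is checked
    # first; a mismatch aborts before any issuer or key is consulted.
    state = str(claims.get("state", "")).encode()
    if not hmac.compare_digest(state, expected_state.encode()):
        raise ValueError("state mismatch")
    # Steps 4-6: only a known, expected issuer (and our own aud) gets a key
    # lookup; an unknown issuer is rejected without any key discovery.
    key = KNOWN_ISSUERS.get((claims.get("iss"), header.get("kid")))
    if key is None or claims.get("aud") != CLIENT_ID:
        raise ValueError("unknown issuer/kid or unexpected aud")
    # Step 7: only now verify the signature, pinning the expected algorithm.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    # Step 8: hand back the actual response parameters.
    return {k: v for k, v in claims.items() if k not in ("iss", "aud", "state")}
```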
