[Openid-specs-ab] Self-issued "sub" claim value ambiguity
John Bradley
ve7jtb at ve7jtb.com
Wed Jan 23 12:52:01 UTC 2013
To be consistent with JWK it should be the concatenation of the base64url encoded values.
It is probably worth mapping it to the JWK values like mod = n, exp = e we use them for EC.
On 2013-01-23, at 5:07 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Standard 5.5, list item 5 says:
> The Client MUST validate that the sub (subject) value is the base64url encoded SHA-256 hash of the concatenation of the key values in the user_jwk claim. When the alg value is RS256, the key values mod and exp are concatenated in that order. When the alg value is ES256, the key values crv, x and y are concatenated in that order.
>
> This language leaves it ambiguous whether the concatenated key values in Standard 5.5 supposed to be the base64url encoded values or the raw key bytes? Following the precedents in the JOSE specs, I assume that we would concatenate the base64url encoded values. Unless I hear objections, I’ll clarify the specs to say that.
>
> Thanks,
> -- Mike
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130123/490e6278/attachment.html>
More information about the Openid-specs-ab
mailing list