[Openid-specs-ab] Review Comments on Dyn Reg
Brian Campbell
bcampbell at pingidentity.com
Thu Nov 14 22:49:42 UTC 2013
I think Torsten raises a good question here. The jwks_uri is great for
clients that have a web server. But there's not really a good story
for native clients who want to use anything other than a shared secret
(for signatures, encryption or authentication to the token endpoint).
Is it too limiting? Seems like it might be...
On Wed, Nov 6, 2013 at 7:11 PM, Torsten Lodderstedt
<torsten at lodderstedt.net> wrote:
>
> jwks_uri - How is this scheme supposed to work for native clients? I assume
> any instance of such an application would use a distinct key pair, which is
> stored locally. Is the client supposed to provide a web server interface? I
> would rather expect this kind of client to provide the public key data
> directly.