[Openid-specs-ab] request_uris parameter of Dynamic Client Registration
Mike Jones
Michael.Jones at microsoft.com
Wed Nov 26 21:05:52 UTC 2014
To rotate the keys, you just write new keys to the location pointed to by jwks_uri. This is described at http://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys and subsequent sections. You don't perform a new registration or get a new Client ID or Client Secret.
-- Mike
-----Original Message-----
From: Mike Schwartz [mailto:mike at gluu.org]
Sent: Wednesday, November 26, 2014 1:02 PM
To: John Bradley
Cc: Chuck Mortimore; Mike Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] request_uris parameter of Dynamic Client Registration
On 2014-11-26 14:23, John Bradley wrote:
> I think I recommended using the jwks_uri in registration for the
> client to publish an endpoint for it’s keys if it is going to rotate
> them.
>
jwks_uri is a great idea...
To update the client secret, a new client is registered with the same jwks_uri?
And "Sector Identifier" also looks very interesting. Good point Mike Jones...
- Mike Schwartz
Gluu
More information about the Openid-specs-ab
mailing list