[Openid-specs-ab] Issue #1357: Metadata Discovery with encrypted private_key_jwt (openid/connect)
peppelinux
issues-reply at bitbucket.org
Fri Nov 19 12:19:08 UTC 2021
New issue 1357: Metadata Discovery with encrypted private_key_jwt
https://bitbucket.org/openid/connect/issues/1357/metadata-discovery-with-encrypted
Giuseppe:
In “10.1.1. Authentication Request”, [here](https://github.com/rohe/oidcfederation/blob/master/draft/openid-connect-federation-1_0.txt#L2420), and in OIDC Core 1.0, in “[10. Signatures and Encryption](https://openid.net/specs/openid-connect-core-1_0.html#SigEnc)”, it is specified that a **private\_key\_jwt**, the value of the request object, can be signed and optionally encrypted as well.
In the case of OIDC Federation, considering a negotiation of automatic client registration, if **private\_key\_jwt** is encrypted I believe that it would be appropriate to specify that the "**client\_id**" parameter must be present within the urlencoded parameters OR within the claims of the JWE header.
Otherwise the provider receiving the request would not be able to obtain the **client\_id**, that is, the URL from which to start the Metadata Discovery procedure.
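An added example, not from Giuseppe's message or the federation draft, of how a provider could apply the proposed rule: take **client\_id** from the url-encoded parameter or from the protected header of the encrypted request object, which is the one part of a JWE readable before any key is known. The `parse_protected_header` and `resolve_client_id` names, the agreement check between the two sources, and the constructed sample object are assumptions of this example.

```python
import base64
import json
from typing import Mapping, Optional

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding compact serializations omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def parse_protected_header(request_object: str) -> dict:
    """Return the protected header of a compact JWS (3 parts) or JWE (5 parts).
    The header is readable before any key is known, which is why it can carry
    client_id when the rest of the request object is encrypted."""
    parts = request_object.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS or JWE serialization")
    header = json.loads(_b64url_decode(parts[0]))
    if len(parts) == 5 and "enc" not in header:
        raise ValueError("JWE protected header lacks 'enc'")
    return header

def resolve_client_id(query: Mapping[str, str], request_object: str) -> Optional[str]:
    """Locate the client_id the provider needs to start metadata discovery, following
    the rule proposed in the issue: url-encoded parameter OR JWE protected header.
    For a merely signed request object the unverified payload is consulted; its
    signature is checked later, once discovery has produced the client's keys."""
    candidates = [query["client_id"]] if query.get("client_id") else []
    parts = request_object.split(".")
    header = parse_protected_header(request_object)
    source = header if len(parts) == 5 else json.loads(_b64url_decode(parts[1]))
    if source.get("client_id"):
        candidates.append(source["client_id"])
    if not candidates:
        return None
    if len(set(candidates)) > 1:  # both present but disagreeing: refuse rather than guess
        raise ValueError("conflicting client_id values: %r" % candidates)
    return candidates[0]

# Constructed sample: the protected header is genuine JSON, the other four JWE
# segments are placeholder bytes; no real encryption is performed here.
ENCRYPTED_REQUEST_OBJECT = ".".join([
    _b64url_encode(json.dumps({"alg": "RSA-OAEP", "enc": "A256GCM",
                               "client_id": "https://rp.example.org"}).encode()),
    _b64url_encode(b"encrypted-key"), _b64url_encode(b"iv"),
    _b64url_encode(b"ciphertext"), _b64url_encode(b"tag"),
])
```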