[Openid-specs-ab] siopv2 sub claim format

Nikos Fotiou fotiou at aueb.gr
Thu Dec 8 08:35:28 UTC 2022


Hi,

 

In siop v2
(https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-self-issued-id-token)
when it comes to the "self-issued ID Token" section 12 says:

 

"sub[.]When Subject Syntax Type is JWK Thumbprint, the value is the
base64url encoded representation of the thumbprint of the key in the sub_jwk
Claim"

 

Then, an example follows where the "sub" claim is indeed a base64url encoded
representation of key thumbprint. However, in section 12.1 the text says:

 

"The RP MUST identify which Subject Syntax Type is used based on the URI of
the sub Claim. Valid values defined in this specification are
urn:ietf:params:oauth:jwk-thumbprint for JWK Thumbprint Subject Syntax Type
and did: for Decentralized Identifier Subject Syntax Type"

 

This confuses me. Which of the following is the correct syntax for the sub
claim when Subject Syntax Type is JWK Thumbprint: 

 

"sub": "NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs",

 

Or

 

"sub": "urn:ietf:params:oauth:jwk-thumbprint:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs",

 

 

Best,

Nikos

 

--------

Nikos Fotiou - https://www.fotiou.gr

Researcher - Mobile Multimedia Laboratory

Athens University of Economics and Business

https://mm.aueb.gr
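
Added example, not part of the original message or of the specification: a Python sketch of an RP-side check that computes the RFC 7638 SHA-256 thumbprint of `sub_jwk` and reports which of the two `sub` forms quoted in the message a token carries. The function names, the `OKP` entry (RFC 8037) and the sample key are assumptions constructed for illustration, and the code does not settle which form the specification intends.

```python
import base64
import hashlib
import json

# Prefix as written in the second "sub" form quoted in the message.
URN_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint:"

# Members that enter the thumbprint, per key type (RFC 7638; OKP from RFC 8037).
REQUIRED = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
    "oct": ("k", "kty"),
}

# Constructed sample key: x and y are made-up strings, not a real curve point.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRl",
              "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRl", "kid": "demo"}


def jwk_thumbprint(jwk):
    """Unpadded base64url SHA-256 thumbprint of a JWK, as in RFC 7638."""
    kty = jwk.get("kty")
    if kty not in REQUIRED:
        raise ValueError(f"unsupported kty: {kty!r}")
    try:
        # Only the required members count; "kid", "use", etc. are dropped.
        required = {name: jwk[name] for name in REQUIRED[kty]}
    except KeyError as missing:
        raise ValueError(f"JWK lacks required member {missing}") from None
    # Canonical form: members in lexicographic order, no whitespace.
    canonical = json.dumps(required, sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def classify_sub(claims):
    """Report which form the sub claim takes relative to sub_jwk."""
    sub = claims.get("sub", "")
    if sub.startswith("did:"):
        return "did"
    try:
        thumbprint = jwk_thumbprint(claims.get("sub_jwk") or {})
    except ValueError:
        return "mismatch"
    if sub == thumbprint:
        return "bare-thumbprint"
    if sub == URN_PREFIX + thumbprint:
        return "urn-prefixed-thumbprint"
    return "mismatch"
```
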

 
