[Openid-specs-ab] Issue #1543: SIOPv2: Clarify "bare" JWK in sections 13 & 13.1 (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Mon Jul 4 11:00:20 UTC 2022


New issue 1543: SIOPv2: Clarify "bare" JWK in sections 13 & 13.1
https://bitbucket.org/openid/connect/issues/1543/siopv2-clarify-bare-jwk-in-sections-13-131

Vladimir Dzhuvinov:

The current `sub_jwk` spec says it MUST be a “bare” key in JWK format. 

https://openid.net/specs/openid-connect-self-issued-v2-1_0-06.html#name-self-issued-id-token

I was wondering about what that means in practice. I’m also unsure how to interpret the “not an X.509 certificate value”. Is this to mean a JWK with only the mandatory "kty" and those params that define the public key material? Are SIOP and RP expected to check the key for certain things to make sure it conforms with this definition of “bare”?
