[Openid-specs-ab] Issue #2133: [Federation] Explicit client registration: Fix discrepancy for the "jwks" claim requirement in registration responses (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Fri Mar 15 12:05:44 UTC 2024


New issue 2133: [Federation] Explicit client registration: Fix discrepancy for the "jwks" claim requirement in registration responses
https://bitbucket.org/openid/connect/issues/2133/federation-explicit-client-registration

Vladimir Dzhuvinov:

In the Entity Statement “jwks” definition we have:

[https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-3-5.10](https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-3-5.10)

> This claim is only OPTIONAL for the Entity Statement returned from an OP when the client is doing Explicit Registration.

In the Explicit Client Registration for “jwks” we have:

[https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-12.2.2.1-4.10](https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-12.2.2.1-4.10)

> REQUIRED. It MUST be a verbatim copy of the `jwks` of the received RP Entity Configuration. This MUST not be confused with the identically named RP metadata parameter. See [Section 3](https://openid.bitbucket.io/connect/openid-federation-1_0.html#entity-statement) for the full specification.

RPs that do explicit registration don’t really need to have their own “jwks” echoed back to them, so the OPTIONAL in section 3 is correct and 12.2.2.1 appears to not have missed the edit to match that.


