[Openid-specs-ab] token_endpoint_auth_algs_supported is only for asymmetric?

Brian Campbell bcampbell at pingidentity.com
Wed Oct 10 22:01:17 UTC 2012


I just noticed that the Provider Configuration Response in Discovery*
defines token_endpoint_auth_algs_supported as "A JSON array containing a
list of the JWS signing algorithms [JWA] supported by the Token Endpoint
for the private_key_jwt method to encode the JWT [JWT]. Servers SHOULD
support RS256."

Was that intended to only cover the private_key_jwt asymmetric algorithms?
What about algorithms for client_secret_jwt? I didn't see anything about
the supported MAC algorithms client_secret_jwt. Is that an accidental
omission or is there some reason it's not there that I'm missing?

Thanks,
Brian

*http://openid.net/specs/openid-connect-discovery-1_0.html#anchor10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121010/5b0bd625/attachment-0001.html>


More information about the Openid-specs-ab mailing list