<div dir="ltr">Not really. There was a "jkt" JOSE header defined in an early draft but it was later pulled out. <a href="https://tools.ietf.org/rfcdiff?url2=draft-ietf-jose-jwk-thumbprint-02.txt">https://tools.ietf.org/rfcdiff?url2=draft-ietf-jose-jwk-thumbprint-02.txt</a><br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 5, 2015 at 10:29 AM, Sergey Beryozkin <span dir="ltr">&lt;<a href="mailto:sberyozkin@gmail.com" target="_blank">sberyozkin@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Brian<br>
<br>
Finally got a chance to add these tests, luckily without having to tweak the source code :-), thanks for providing the extra test material:<br>
<a href="http://git-wip-us.apache.org/repos/asf/cxf/commit/bdad3fe6" rel="noreferrer" target="_blank">http://git-wip-us.apache.org/repos/asf/cxf/commit/bdad3fe6</a><br>
<br>
However, I wonder, can JWK thumbprints be used in an interoperable way as JWS or JWE header values? This is something I'd like to experiment with, but so far I've only seen a text reference to thumbprints in a section describing Self-Signed OpenIdConnect providers.<br>
<br>
Cheers, Sergey<span class=""><br>
On 21/09/15 16:42, Brian Campbell wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
I added JWK Thumbprint support to my JOSE/JWT library<br></span>
&lt;<a href="https://bitbucket.org/b_c/jose4j" rel="noreferrer" target="_blank">https://bitbucket.org/b_c/jose4j</a>&gt; this morning. Does anyone else have<span class=""><br>
an implementation handy?<br>
<br>
The example in section 3.1<br></span>
&lt;<a href="http://tools.ietf.org/html/rfc7638#section-3.1" rel="noreferrer" target="_blank">http://tools.ietf.org/html/rfc7638#section-3.1</a>&gt; provided a nice<div><div class="h5"><br>
opportunity to check my work with an "RSA" key type. However, there are<br>
no examples for "EC" or "oct" keys. While it should be pretty<br>
straightforward to implement, for me anyway, dumb little mistakes are<br>
certainly within the realm of possibility. So, if anyone would like to<br>
check their work against mine, a few JWKs followed by the base64url<br>
encoded SHA-256 hash of the RFC 7638 thumbprint are below. I'd be<br>
interested to hear if folks can (hopefully) reproduce the same results.<br>
<br>
{"kty":"oct",<br>
"k":"ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"}<br>
7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g<br>
<br>
<br>
{"kty":"EC",<br>
"x":"CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",<br>
"y":"EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc",<br>
"crv":"P-256"}<br>
j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs<br>
<br>
<br>
{"kty":"EC",<br>
"x":"Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt",<br>
"y":"ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu",<br>
"crv":"P-521"}<br>
rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg<br>
<br>
<br>
{"kty":"EC",<br>
"x":"2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ",<br>
"y":"7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl",<br>
"crv":"P-384"}<br>
vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM<br>
<br>
<br>
{"kty":"oct","k":"NGbwp1rC4n85A1SaNxoHow"}<br>
5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk<br>
<br>
<br></div></div><span class="">
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br>
</span></blockquote>
<br>
</blockquote></div><br></div>
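<div dir="ltr">An added example, not part of the original thread and not jose4j or CXF code: a minimal Python implementation of the RFC 7638 SHA-256 thumbprint, checked against the "oct" and "EC" vectors posted in the quoted message. The names jwk_thumbprint, REQUIRED, VECTORS and mismatches are chosen for this example.</div>

```python
import base64
import hashlib
import json

# Required members per key type (RFC 7638, section 3.2); all others are ignored.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}

def jwk_thumbprint(jwk):
    """Return the unpadded base64url SHA-256 RFC 7638 thumbprint of a JWK dict."""
    kty = jwk.get("kty")
    if not isinstance(kty, str) or kty not in REQUIRED:
        raise ValueError("missing or unsupported kty")
    names = REQUIRED[kty]
    missing = [n for n in names if not (isinstance(jwk.get(n), str) and jwk[n])]
    if missing:
        raise ValueError(f"missing required member(s): {missing}")
    # Canonical input: required members only, lexicographic order, no whitespace, UTF-8.
    canonical = json.dumps({n: jwk[n] for n in names}, sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# JWK / expected-thumbprint pairs copied from the quoted message above.
VECTORS = [
    ({"kty": "oct", "k": "ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"},
     "7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g"),
    ({"kty": "EC", "crv": "P-256",
      "x": "CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",
      "y": "EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc"},
     "j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs"),
    ({"kty": "EC", "crv": "P-521",
      "x": "Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt",
      "y": "ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu"},
     "rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg"),
    ({"kty": "EC", "crv": "P-384",
      "x": "2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ",
      "y": "7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl"},
     "vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM"),
    ({"kty": "oct", "k": "NGbwp1rC4n85A1SaNxoHow"},
     "5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk"),
]

def mismatches():
    """Return the expected thumbprints that this implementation fails to reproduce."""
    return [want for jwk, want in VECTORS if jwk_thumbprint(jwk) != want]

if __name__ == "__main__":
    print(mismatches() or "all vectors reproduce")
```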