[Openid-specs-fapi] Issue #279: key selection algorithm (openid/fapi)
issues-reply at bitbucket.org
Wed Feb 12 15:13:35 UTC 2020
New issue 279: key selection algorithm
Part of the discussion on today’s call about [https://bitbucket.org/openid/fapi/issues/278/duplicate-kids-in-authorization-servers](https://bitbucket.org/openid/fapi/issues/278/duplicate-kids-in-authorization-servers) covered the fact that there is no document key selection method \(i.e. what fields of a key should a RP try and match to figure out which key to use to verify a signature\).
There seem to be a willingness within the working group to try and document a key selection algorithm, and to potentially adding a clause to FAPI requiring/encouraging servers to ensure that only a single key is found when that selection algorithm is applied to an id\_token and OP’s jwks.
More information about the Openid-specs-fapi