<div dir="ltr">Hi all,<div><br></div><div>In the meeting yesterday, we discussed typing of JWTs in the context of dynamic client registration. I talked it over with a few of the OB folks and they proposed to use the cty header to type the payload rather than using typ to explicitly type the assertion. </div><div><br></div><div><div style="font-size:12.8px">For example: </div><div style="font-size:12.8px"><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div style="font-size:12.8px">Registration Request</div></div></blockquote><div><div style="font-size:12.8px"><ul><ul><li style="margin-left:15px">Content-type for request is expected to be application/jwt</li><li style="margin-left:15px">assertion typ header set to JWT</li><li style="margin-left:15px">assertion cty header set to "ob_request+json"</li></ul></ul></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div style="font-size:12.8px"><p>Software Statement</p></div></div></blockquote><div><div style="font-size:12.8px"><ul><ul><li style="margin-left:15px">assertion typ set to JWT</li><li style="margin-left:15px">assertion cty header set to "ob_softwarestmt+json"</li></ul></ul></div></div><div><div><br></div><div>Any comments? Any best practices or specs we run afoul of?</div><div><br></div><div><br></div>-- <br><div class="gmail_signature"><div style="padding:0px;margin:0px"> <table style="border-collapse:collapse;padding:0px;margin:0px"> <tbody><tr> <td style="width:113px"> <a href="https://www.pingidentity.com" target="_blank"></a><a href="https://www.pingidentity.com" target="_blank"><img alt="Ping Identity" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/ping-logo.png"></a> </td> <td> <table> <tbody><tr> <td style="vertical-align:top"> <span style="color:rgb(230,29,60);display:inline-block;margin-bottom:3px;font-family:arial,helvetica,sans-serif;font-weight:bold;font-size:14px">Pam Dingle</span> <br> <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">Principal Technical Architect</span> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:14px;display:inline-block;margin-bottom:3px"><a href="mailto:pdingle@pingidentity.com" target="_blank">pdingle@pingidentity.com</a></span> <br> <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px"> w: +1 303.999.5890</span> <br> <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px"> c: +1 303.999.5890</span> </td> </tr> </tbody></table> </td> </tr> <tr> <td colspan="2"> <table style="border-collapse:collapse;border:none;margin:8px 0px 0px;width:100%"> <tbody><tr style="height:40px;border-top:1px solid rgb(211,211,211);border-bottom:1px solid rgb(211,211,211)"> <td style="font-family:arial,helvetica,sans-serif;font-size:14px;font-weight:bold;color:rgb(64,71,75)">Connect with us: </td> <td style="padding:4px 0px 0px 20px"> <a href="https://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm" style="text-decoration:none;margin-right:16px" title="Ping on Glassdoor" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-glassdoor.png" style="border: none; margin: 0px;" alt="Glassdoor logo"></a> <a href="https://www.linkedin.com/company/21870" style="text-decoration:none;margin-right:16px" title="Ping on LinkedIn" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-linkedin.png" style="border: none; margin: 0px;" alt="LinkedIn logo"></a> <a href="https://twitter.com/pingidentity" style="text-decoration:none;margin-right:16px" title="Ping on Twitter" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-twitter.png" style="border: none; margin: 0px;" alt="twitter logo"></a> <a href="https://www.facebook.com/pingidentitypage" style="text-decoration:none;margin-right:16px" title="Ping on Facebook" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-facebook.png" style="border: none; margin: 0px;" alt="facebook logo"></a> <a href="https://www.youtube.com/user/PingIdentityTV" style="text-decoration:none;margin-right:16px" title="Ping on Youtube" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-youtube.png" style="border: none; margin: 0px 0px 3px;" alt="youtube logo"></a> <a href="https://plus.google.com/u/0/114266977739397708540" style="text-decoration:none;margin-right:16px" title="Ping on Google+" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-googleplus.png" style="border: none; margin: 0px;" alt="Google+ logo"></a> <a href="https://www.pingidentity.com/en/blog.html" style="text-decoration:none;margin-right:16px" title="Ping Blog" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-blog.png" style="border: none; margin: 0px;" alt="Blog logo"></a> </td> </tr> </tbody></table> </td> </tr> </tbody></table><a href="https://www.pingidentity.com/en/lp/identify-2017.html" target="_blank"><img src="https://www.pingidentity.com/content/dam/ping-6-2-assets/images/misc/emailSignature/identify2017-emailsignature_revised_NB.png"></a> </div></div>
</div></div>
<br>
<i style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:rgb(255,255,255);font-family:proxima-nova-zendesk,system-ui,-apple-system,system-ui,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;color:rgb(85,85,85)"><span style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:transparent;font-family:proxima-nova-zendesk,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;font-weight:600"><font size="2">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.</font></span></i>