Signed requests


Roland Hedberg

Apr 21, 2020, 2:40:15 PM
to openid-feder...@googlegroups.com
Hi!

Don’t know if you’ve seen the discussion about the use of private_key_jwt in automatic registration.

A proposal on using signed request objects instead was made both by Joseph and Brian.

I actually like that proposal.

So, I will implement it. Just to see how it would work. Definitely no big deal.

What about you?

— Roland

Vladimir Dzhuvinov

Apr 21, 2020, 2:58:43 PM
to openid-feder...@googlegroups.com
Makes sense. It authenticates the client just like private_key_jwt while
adding extra integrity protection of the authZ params.

Vladimir