Validate JWT header KID when using OIDC private_key_jwt


david.a...@bulbapp.com

Dec 22, 2022, 12:02:14 PM
to Pac4j users mailing list
Any suggestions as to how I would require that the response JWT id token coming back from an OIDC authentication has a KID provided in the header? 

I know a KID is normally optional, but I am attempting to get our app certified against a test suite that requires the KID, and there is a certification test that tests that we reject the id token if a KID is not provided in the header.

I have dug into the code and have been looking around inside the nimbusds token validation code, but I am not seeing any straightforward way of doing it, so I figured I would ask here to see if anyone has any ideas.

Thanks!
David
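
One way to express the check described in the post above, as an added example that is not part of the original post and is not pac4j's or Nimbus's own code. It uses the Nimbus JOSE+JWT parser to read the header; `KidRequiredCheck`, `requireKid` and `sampleToken` are hypothetical names, the tokens are constructed samples, and where the check is called in the pac4j flow is left as an assumption.

```java
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Base64;

// Hypothetical helper: rejects an ID token whose JWS header has no usable "kid".
// It only inspects the header; signature and claims validation still run separately.
public class KidRequiredCheck {

    static String requireKid(String serializedIdToken) {
        final JWT jwt;
        try {
            jwt = JWTParser.parse(serializedIdToken);
        } catch (ParseException e) {
            throw new IllegalArgumentException("ID token is not a parseable JWT", e);
        }
        // Only a signed JWT (JWS) is accepted; plain and encrypted tokens are refused here.
        if (!(jwt instanceof SignedJWT)) {
            throw new IllegalArgumentException("ID token is not a signed JWT");
        }
        String kid = ((SignedJWT) jwt).getHeader().getKeyID();
        if (kid == null || kid.trim().isEmpty()) {
            throw new IllegalArgumentException("ID token header has no kid");
        }
        return kid;
    }

    // Builds a constructed sample token: given header, sample claims, dummy signature.
    static String sampleToken(String headerJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString("{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString("sig".getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String[] headers = {
            "{\"alg\":\"RS256\",\"kid\":\"key-1\"}",  // accepted
            "{\"alg\":\"RS256\"}",                      // rejected: kid absent
            "{\"alg\":\"RS256\",\"kid\":\"\"}"         // rejected: kid empty
        };
        for (String h : headers) {
            try {
                System.out.println(h + " -> kid=" + requireKid(sampleToken(h)));
            } catch (IllegalArgumentException e) {
                System.out.println(h + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```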