Ok - I have read through this document - my gut feeling is that I understood enough about OAuth to comment I would create a massive mail message of comments.
This does not make it clear to me how this would work. After several reads of the document my best guess is that one says - If you go digging through the content of the message then you might find something that will give you a hint about what key to use when combined with your database.

Do you have any better cases that make it clear how this is supposed to work?

Jim

From: Mike Jones [mailto:[email protected]]
Sent: Thursday, April 18, 2013 6:56 PM
To: Jim Schaad
Cc: [email protected]
Subject: RE: [jose] OAUTH and implicit key identifiers

In http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-09, see the definition of "jwks_uri", which enables the client's JWK Set document to be communicated to the OAuth server out of band from the JWTs (and JOSE objects underlying them) later used. Also see "token_endpoint_auth_method" and especially the "client_secret_jwt" and "private_key_jwt" authentication methods.

-- Mike

From: [email protected] [mailto:[email protected]] On Behalf Of Jim Schaad
Sent: Thursday, April 18, 2013 2:49 PM
To: Mike Jones
Cc: [email protected]
Subject: [jose] OAUTH and implicit key identifiers

Mike,

I have tried to go through the OAuth documents in order to find where and how they have implicit key identifiers set up for tokens. I was unable to find this. Can you please give me a concrete pointer to where this text is?

Jim
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
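Added example, not part of the thread or of any OAuth draft: a sketch of the key selection the thread is debating, where a "client_secret_jwt"-style assertion carries no "kid" and the server picks the key from its registration database using a claim inside the message. It assumes the client identifier travels in the `iss` claim and that HS256 is the agreed algorithm; the table `REGISTERED`, the secrets and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed registration table: client_id -> secret agreed out of band.
REGISTERED = {"client-a": b"secret-a-constructed",
              "client-b": b"secret-b-constructed"}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_assertion(client_id: str, secret: bytes) -> str:
    """Client side: HS256 JWS whose header carries no "kid"."""
    header = b64u(json.dumps({"alg": "HS256"}).encode())
    # A real assertion would also carry aud/exp/jti; omitted in this sketch.
    payload = b64u(json.dumps({"iss": client_id, "sub": client_id}).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64u(mac.digest())}"

def verify_assertion(token: str):
    """Server side: return the authenticated client_id, or None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64u_dec(header_b64))
        claims = json.loads(b64u_dec(payload_b64))
        sig = b64u_dec(sig_b64)
    except (ValueError, TypeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # Pin the algorithm from registration, never from the message alone.
    if header.get("alg") != "HS256":
        return None
    # "iss" is still unverified here: it is only a lookup hint.
    issuer = claims.get("iss")
    secret = REGISTERED.get(issuer) if isinstance(issuer, str) else None
    if secret is None:
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # The claim becomes trusted only once the MAC checks out under that key.
    return issuer if hmac.compare_digest(sig, expected) else None
```

The claim used for lookup is attacker-controlled until the MAC verifies, so the only thing it may influence is which registered key is tried.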
