The JSON Web Key (JWK) Thumbprint specification [RFC 7638<https://www.rfc-editor.org/rfc/rfc7638.html>] defines a method for computing a hash value over a JSON Web Key (JWK) [RFC 7517<https://www.rfc-editor.org/rfc/rfc7517.html>] and encoding that hash in a URL-safe manner. Kristina Yasuda<https://twitter.com/kristinayasuda> and I have just created the JWK Thumbprint URI<https://www.ietf.org/archive/id/draft-jones-oauth-jwk-thumbprint-uri-00.html> specification, which defines how to represent JWK Thumbprints as URIs. This enables JWK Thumbprints to be communicated in contexts requiring URIs, including in specific JSON Web Token (JWT) [RFC 7519<https://www.rfc-editor.org/rfc/rfc7519.html>] claims.
Use cases for this specification were developed in the OpenID Connect Working Group<https://openid.net/wg/connect/> of the OpenID Foundation. Specifically, its use is planned in future versions of the Self-Issued OpenID Provider v2<https://openid.net/specs/openid-connect-self-issued-v2-1_0.html> specification. The specification is available at: * https://www.ietf.org/archive/id/draft-jones-oauth-jwk-thumbprint-uri-00.html -- Mike P.S. This note was also published at https://self-issued.info/?p=2211 and as @selfissued<https://twitter.com/selfissued/>.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
