Kristina Yasuda and I have published an updated JWK Thumbprint URI draft that addresses the OAuth Working Group Last Call (WGLC) comments received. Changes made were:
- Added security considerations about multiple public keys coresponding to the same private key.
- Added hash algorithm identifier after the JWK thumbprint URI prefix to make it explicit in a URI which hash algorithm is used.
- Added reference to a registry for hash algorithm identifiers.
- Added SHA-256 as a mandatory to implement hash algorithm to promote interoperability.
- Acknowledged WGLC reviewers.
The specification is available at:
Leave a Reply
You must be logged in to post a comment.