Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWK X5U verification #741

Closed
lhazlewood opened this issue May 9, 2022 · 2 comments
Closed

JWK X5U verification #741

lhazlewood opened this issue May 9, 2022 · 2 comments
Assignees
@lhazlewood

Comments

@lhazlewood
Copy link
Contributor

lhazlewood commented May 9, 2022
edited

https://datatracker.ietf.org/doc/html/rfc7517#section-4.6

If receiving a JWK with x5u, it must be verified as defined in the above spec section before it can be used.
@lhazlewood lhazlewood added this to the 1.0 milestone May 9, 2022
@lhazlewood lhazlewood self-assigned this May 9, 2022
@lhazlewood
Copy link
Contributor Author

@bdemers I seem to remember you working on similar HTTPS resolution logic for this stuff at one time, no? Any insights into this that I need to be aware of? Or do you want to take a crack at it?

@lhazlewood lhazlewood mentioned this issue Aug 11, 2023
Open
@lhazlewood
Copy link
Contributor Author

Even though the x5u parameter can exist in either a JWT header or a JWK, any validation mechanism for x5u should be identical (and even shared) between the two. As such, closing this as a duplicate of #408.

@lhazlewood lhazlewood removed this from the 1.0 milestone Oct 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lhazlewood lhazlewood

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lhazlewood