[mitreid-connect] JWT Signatures - which public key?

Luiz Omori luiz.omori at duke.edu
Tue Oct 11 12:04:27 EDT 2016


Hi,

In our implementation, the RS, upon receiving a request, first validates the access token signature locally before introspecting it. To perform the signature validation we use a previously retrieved public key. The issue we are facing is that in our case the <root>/jwk endpoint is returning multiple keys. How do we figure out which one should be used? Should we check the “use” field? If yes, is there a standard value to check for?

Regards,
Luiz
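
An added example, not part of the original post and not MITREid Connect code: one way a resource server can pick the verification key from a JWK Set that holds several entries, by matching the token header's "kid" and "alg" and keeping only keys whose "use" is "sig" (the signature value defined in RFC 7517) or absent. The function names, the RSA-only allowlist and the sample keys are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: this RS accepts RSA signatures only; anything else is refused.
ALLOWED_ALGS = {"RS256": "RSA", "RS384": "RSA", "RS512": "RSA"}

# Constructed sample JWK Set; the "n" values are placeholders, not real moduli.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-sig-1", "use": "sig", "alg": "RS256", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "kid": "rsa-enc-1", "use": "enc", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "kid": "rsa-sig-2", "use": "sig", "alg": "RS256", "n": "placeholder", "e": "AQAB"},
]}


def make_sample_token(header):
    """Build a constructed, unsigned token that carries the given header."""
    raw = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return raw.decode() + ".e30.c2ln"


def select_verification_key(token, jwks):
    """Return the one JWK allowed to verify `token`; raise ValueError otherwise."""
    segment = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in ALLOWED_ALGS:  # refuses "none" and HMAC algorithms too
        raise ValueError("algorithm not allowed: %r" % (alg,))
    candidates = [
        key for key in jwks.get("keys", [])
        if key.get("kty") == ALLOWED_ALGS[alg]
        and key.get("use", "sig") == "sig"        # skip encryption keys
        and key.get("alg", alg) == alg            # honour the key's own alg, if set
        and (kid is None or key.get("kid") == kid)
    ]
    if len(candidates) != 1:  # fail closed on no match or an ambiguous match
        raise ValueError("expected one matching key, found %d" % len(candidates))
    return candidates[0]


if __name__ == "__main__":
    token = make_sample_token({"alg": "RS256", "kid": "rsa-sig-2"})
    print(select_verification_key(token, SAMPLE_JWKS)["kid"])
```

The selected key is then handed to the JWT library for the actual signature check; choosing a key says nothing yet about whether the token is valid.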