Update to most recent key-binding spec#367
Merged
Merged
Conversation
2acfffc to
73fdc20
Compare
…der typ should dpop+jwt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes an issues where the implementation here differs from the current implementing in the OpenID Connect key binding draft spec as of openid/connect-key-binding@90035de
The draft spec now uses
dpop+id_tokenconsistently as the typ for the key bound ID Token whereas the implementation usedid_token+cnf. This PR changes the implementation to usedpop+id_tokeninstead ofid_token+cnf.Test
hello needs to be updated to use the DPoP header typ, getting:failed to exchange token: oauth2: "invalid_request" "typ MUST be dpop+id_token in dpop token"and it is returning an ID Token with typ=id_token+cnf.Hello is now working and returning a token where typ=
id_token+cnf