jti/nonce/challenge value? #43
Comments
Yes, it is meant to be the value from the Sec-Session-Challenge header. We'll clarify this and other hand-waving in the examples.
That would be great, thanks! Additional clarity around the content of the JWT and required verification steps could also be provided in text. I'm sure you're already tired of me mentioning DPoP but https://www.rfc-editor.org/rfc/rfc9449.html#section-4.2 and https://www.rfc-editor.org/rfc/rfc9449.html#section-4.3 are an example of a spec describing somewhat similar JWT syntax and verification steps respectively.
An example JWT has
"jti": "nonce",
but the word nonce doesn't appear anywhere else. Is the value intended to be the challenge from the Sec-Session-Challenge header? This could use some clarification/fixing.
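
An added illustration of the answer in this thread (not code from the project or its explainer): a server-side check that a JWT's `jti` echoes the value the server sent in `Sec-Session-Challenge`. `ChallengeStore`, the 60-second lifetime and the single-use handling are assumptions of this sketch, and the JWT signature is assumed to have been verified before `check_jti` is called.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds; assumed lifetime, not taken from the thread


class ChallengeStore:
    """Tracks the outstanding Sec-Session-Challenge value per session (hypothetical helper)."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # session_id -> (challenge, expiry)

    def issue(self, session_id):
        """Create the value the server would send in Sec-Session-Challenge."""
        challenge = secrets.token_urlsafe(32)
        self._pending[session_id] = (challenge, self._now() + CHALLENGE_TTL)
        return challenge

    def check_jti(self, session_id, claims):
        """Return (ok, reason) for the claims of a JWT whose signature was already verified."""
        # pop() consumes the challenge, so each issued value allows one attempt only.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False, "no outstanding challenge"
        challenge, expiry = entry
        if self._now() > expiry:
            return False, "challenge expired"
        jti = claims.get("jti")
        if not isinstance(jti, str):
            return False, "jti missing or not a string"
        # Constant-time comparison of the echoed value against the issued one.
        if not hmac.compare_digest(jti.encode(), challenge.encode()):
            return False, "jti does not match challenge"
        return True, "ok"
```

With this check, a JWT carrying the literal `"jti": "nonce"` from the example is rejected unless the server actually issued that string as the challenge.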