Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where does the challenge value go in the Registration JWT? #56

Open
tblachowicz opened this issue Apr 26, 2024 · 1 comment
Open

Where does the challenge value go in the Registration JWT? #56

tblachowicz opened this issue Apr 26, 2024 · 1 comment

Comments

@tblachowicz
Copy link

In the high-level overview diagram explains that the Server returns the random challange value in Sec-Session-Registration response header and then the Browser generates the signed Registration JWT that should contain the challange value provided by the Server. It's not clear to me where does the challange value go in the registration JWT. The description of the JWT in Start Session section mentions that jti is a nonce. Please clarify if that is meant to be the challange value provided by the server. If so, it'd be good to clarify that in the Explainer to avoid confusion.
@bc-pi
Copy link

bc-pi commented Apr 26, 2024

#43 is similar/duplicative FWIW

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tblachowicz @bc-pi