Clarify optionality of iss (1) in CWT status list token

oauth-wg / draft-ietf-oauth-status-list

https://drafts.oauth.net/draft-ietf-oauth-status-list/draft-ietf-oauth-status-list.html

Other

9 stars 7 forks source link

Clarify optionality of iss (1) in CWT status list token #130

Closed awoie closed 4 months ago

awoie commented 5 months ago

The spec says:

1 (issuer): REQUIRED. Same definition as iss claim in Section 5.1.

However, JWT defines iss as "REQUIRED if present in the reference token which means, the REQUIRED word is a bit misleading without the if-statement that follows.

Either use OPTIONAL for iss, or also say REQUIRED if present ... in the CWT section.