add a section with public keys for validation

oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Other

56 stars 29 forks source link

add a section with public keys for validation #296

Closed Sakurann closed 1 year ago

Sakurann commented 1 year ago

addresses Issue #241.

danielfett commented 1 year ago

The w3c-vc example currently uses a different key. We should call that out or change the example to the default key. I think that having one example with a different key (type) doesn't hurt, so we should call out that this example uses a different key.

bc-pi commented 1 year ago

The w3c-vc example currently uses a different key. We should call that out or change the example to the default key. I think that having one example with a different key (type) doesn't hurt, so we should call out that this example uses a different key.

Either way, the holder's public key is already available in the payload of the example SD-JWTs. So it doesn't need to be and shouldn't be included here.

Sakurann commented 1 year ago

w3c-vc uses a different KB JWT key but the same issuer key, correct?

bc-pi commented 1 year ago

w3c-vc uses a different KB JWT key but the same issuer key, correct?

Yeah, i believe so. But no signed content is actually shown in that example. That example just shows the payload and disclosure content.