Closed peppelinux closed 1 day ago
please do a PR for your suggested updated text. I think it makes sense.
I think we have a separate issue on this?
Regarding the section Signed and/or Encrypted Responses.
To provide concrete guidance for implementations, I suggest the following change:
To sign, or sign and encrypt the Authorization Response, implementations MAY use JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) [@!JARM].
to
To sign, encrypt, or both sign and encrypt the Authorization Response using a Nested JWT [RFC7519], implementations must utilize the JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) [@!JARM].
In addition to this, I would open a conversation about how a wallet is supposed to provide its public keys to the verifier for the signature validation, when the signed JWT or the Nested JWT is used. I suppose using wallet_metadata and/or wallet instance attestation. We need to better clarify this if we agree.