Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kid vs sub for signature validation #54

Open
p15r opened this issue Sep 30, 2020 · 0 comments
Open

kid vs sub for signature validation #54

p15r opened this issue Sep 30, 2020 · 0 comments
Labels
question Further information is requested

Comments

@p15r
Copy link
Owner

p15r commented Sep 30, 2020
edited
Loading

Currently, a kid-to-cert map is used to determine which cert is required to verify a JWT signature. However, the kid is optional and not part of rfc7519. It is, however, part of rfc7515 (https://tools.ietf.org/html/rfc7515#section-4.1.4). Therefore, it might be better to create a issuer->subject->cert map (especially if a key consumer, other than Salesforce, does not provide a kid in the JWT protected header).
@p15r p15r added the question Further information is requested label Oct 27, 2020
@p15r p15r self-assigned this Oct 30, 2020
@p15r p15r removed their assignment Feb 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@p15r