You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the "POTENTIAL: API Piloting Definition Scope OID4VP V1.0" draft document (which unfortunately I cannot link), regarding the request object JWT (i.e. JAR protocol), it is stated that
Within (11) is explained how the client that received JWT (in our case wallet that received JAR) can fetch public key of the issuer (in our case RP). It uses HTTP GET method.
RP will publish its metadata containing jwk at the location formed by inserting the well-known string (for Potential we will use /.well-known/jar-issuer) between the host component and the path component (if any) of the iss claim value in the JAR.
If I am understanding this correctly, this implied that some module (direct trust?) should expose a /.well-known/jar-issuer endpoint that exposes the public key whose private component was used to sign the request object JWT.
For this issue we should create a specialized trust handler, called DirectTrustJar, that would inherit DirectTrustSdJwtVC and overloading the metadata fetch
peppelinux
changed the title
[Satosa][Interoperability] Exposure of RP signing key of request object
[Satosa][Interoperability]JAR Metadata endpoint: Exposure of RP signing key of request object
Jan 7, 2025
In the "POTENTIAL: API Piloting Definition Scope OID4VP V1.0" draft document (which unfortunately I cannot link), regarding the request object JWT (i.e. JAR protocol), it is stated that
If I am understanding this correctly, this implied that some module (direct trust?) should expose a
/.well-known/jar-issuer
endpoint that exposes the public key whose private component was used to sign the request object JWT.Asking @peppelinux for:
The text was updated successfully, but these errors were encountered: