oauth2 icon indicating copy to clipboard operation
oauth2 copied to clipboard

Published 20 hours ago verified publisher icon go-oauth2

generates.NewJWTAccessGenerate kid parameter unclear

Open aubelsb2 opened this issue 5 years ago • 1 comments

What is the kid parameter supposed to be and how is it supposed to be used. It's rather ambiguous. It looks like from the RFC it's meant to be a "key id" the server can identify the key used if it presents multiple. Is that correct?

aubelsb2 avatar Jul 07 '20 00:07 aubelsb2

As my guess: "key id" is for multi-server scenario. Servers can valid jwt tokens signed by another server with retrieving proper signing key with "key id". There's a discuss in #110

sheepsong avatar Jul 20 '20 13:07 sheepsong