Commit

fix: issuance DpoP jti enforcement against replay attacks (#272)
peppelinux authored May 10, 2024
1 parent 744a9f3 commit 12f8ab0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/en/pid-eaa-issuance.rst
Expand Up @@ -823,7 +823,7 @@ A DPoP-bound Access Token is provided by the PID/(Q)EAA Token endpoint as a resu
- UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`.
- [:rfc:`9068`], [:rfc:`7519`].
* - **jti**
- It MUST be a String in *uuid4* format. Unique Token ID identifier that the RP MAY use to prevent reuse by rejecting the Token ID if already processed.
- It MUST be a String in *uuid4* format. Unique Token ID identifier that the RP SHOULD use to prevent reuse by rejecting the Token ID if already processed.
- [:rfc:`9068`], [:rfc:`7519`].
* - **jkt**
- JWK SHA-256 Thumbprint Confirmation Method. The value of the jkt member MUST be the base64url encoding (as defined in [RFC7515]) of the JWK SHA-256 Thumbprint of the DPoP public key (in JWK format) to which the Access Token is bound.
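Review bot: SHOULD in the changed **jti** row still leaves rejection of an already processed Token ID optional, while the commit subject describes this as enforcement against replay attacks; consider MUST, or state the conditions under which an RP may skip the check. The row also does not say how long a processed jti has to be remembered; tying retention to the expiry time of the JWT (the claim described in the row just above) would make the check implementable without an unbounded store. The subject refers to the DPoP jti, but this row describes the jti of the DPoP-bound Access Token (cited to :rfc:`9068` and :rfc:`7519`), so if the jti of the DPoP proof was the intended target, the same wording is needed where that claim is defined. Minor: "Token ID identifier" is redundant, "Unique Token identifier" reads better.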