Where does the challenge value go in the Registration JWT? #56

tblachowicz · 2024-04-26T12:43:27Z

In the high-level overview diagram explains that the Server returns the random challange value in Sec-Session-Registration response header and then the Browser generates the signed Registration JWT that should contain the challange value provided by the Server. It's not clear to me where does the challange value go in the registration JWT. The description of the JWT in Start Session section mentions that jti is a nonce. Please clarify if that is meant to be the challange value provided by the server. If so, it'd be good to clarify that in the Explainer to avoid confusion.

The text was updated successfully, but these errors were encountered:

bc-pi · 2024-04-26T18:08:31Z

#43 is similar/duplicative FWIW

chen-chao · 2024-10-22T01:20:54Z

This has been addressed in this commit.

bc-pi · 2024-11-09T21:08:02Z

jti isn't wrong exactly but not quite right either and not where one would expect to see a challenge value placed.

kmonsen · 2024-12-23T21:06:50Z

where would you expect to see it?

kmonsen added the Has initial answer Has at least one answer from admins label Dec 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Where does the challenge value go in the Registration JWT? #56

Where does the challenge value go in the Registration JWT? #56

tblachowicz commented Apr 26, 2024

bc-pi commented Apr 26, 2024

chen-chao commented Oct 22, 2024

bc-pi commented Nov 9, 2024

kmonsen commented Dec 23, 2024

Where does the challenge value go in the Registration JWT? #56

Where does the challenge value go in the Registration JWT? #56

Comments

tblachowicz commented Apr 26, 2024

bc-pi commented Apr 26, 2024

chen-chao commented Oct 22, 2024

bc-pi commented Nov 9, 2024

kmonsen commented Dec 23, 2024