I see now — that did follow my expectations .. but we’ve already established I’m not smart enough for SD-JWT :)
So an SD-JWT MUST always have a trailing “~” as that is what the ABNF says? On Fri, May 2, 2025 at 12:46 PM Brian Campbell <[email protected]> wrote: > from this line, > > SD-JWT = JWT "~" *[DISCLOSURE "~"] > > the SD-JWT part always has a trailing ~ > so I think what's there is correct. > > > On Fri, May 2, 2025 at 1:39 PM Dick Hardt <[email protected]> wrote: > >> Hey >> >> Looks like you are missing a "~" in the abnf for SD-JWT-KB >> >> in section 4 a "~" separates the KB-JWT from the rest of the string: >> >> <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~<KB-JWT> >> >> >> But in the last line of the abnf there is no "~" : >> >> ALPHA = %x41-5A / %x61-7A ; A-Z / a-z >> DIGIT = %x30-39 ; 0-9 >> BASE64URL = 1*(ALPHA / DIGIT / "-" / "_") >> JWT = BASE64URL "." BASE64URL "." BASE64URL >> DISCLOSURE = BASE64URL >> SD-JWT = JWT "~" *[DISCLOSURE "~"] >> KB-JWT = JWT >> SD-JWT-KB = SD-JWT KB-JWT >> >> >> >> I think the last line should be >> >> SD-JWT-KB = SD-JWT "~" KB-JWT >> >> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
