Twitter Feed: Post

Twitter Feed

@gcouprie ("Geoffroy Couprie") wrote:

I had to gaze into the abyss to find a safe way to match JWT and JWK coming from multiple identity providers,with bad constraints:no alg in JWK, same kid used with diff keys...
Should I write down the solution for others, or bury it because it might encourage people on that path?