by weitendorf 322 days ago
How do you pre-register them then? What prevents someone else from trying to register or push my JWKS to the API owner? If you are in an open security context (e.g. the Internet), you would then still need another way to handle identity.

> How do you pre-register them then?

Exactly my complaint. You still have to go into some web portal and install your public key, I guess.

> What prevents someone else from trying to register or push my JWKS to the API owner?

Well, for one thing, they wouldn't have access to your public key, since you won't be hosting them publicly somewhere. But for another thing, it will be useless to them unless they have access to your private key.