Hi, The difference of when to use kid vs. x5t to identify the JWT signing key is not obvious to me. On the surface they seem to do the same thing, (e.g. identify to the party validating the signature which key to use to validate it, allow the public key to be retrieved from an endpoint of the party doesn't already have it).
But JWS defines both, so I'm guessing that there is a subtle difference that I am missing here? adam
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
