Hi, I am looking at the spec https://datatracker.ietf.org/doc/rfc7520/?include_text=1 for combining JWS and JWE use case, I could not find it obvious that a JSON document should be signed first and then encrypt or other way around.Are there any recommendations one over the other?
Thanks for help. Malla
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth