That’s already kind of dealt with in JWE by having claims required for decryption duplicated in the JWE header.
Odesláno z iPhonu > 10. 10. 2019 v 19:01, Justin Richer <jric...@mit.edu>: > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth