Replace `unifiedResourceName` with `uniformResourceIdentifier`
awoie opened this issue · comments
The rules to obtain the verification key from X.509 should be changed to use the uniformResourceIdentifier
from the SAN extension instead of the unifiedResourceName
(which does not exist).
Furthermore, since uniformResourceIdentifier
can potentially start with a https scheme, the JWT Issuer Metadata rule should only be enforced if no x5* JWT header was set.
We also need to add x5t#S256
JWT header.
Fixed by #183