...
JWT MUST be signed with minimum RS256.

JWT MUST include the claim nbf (which indicates when the JWT is valid from).

JWT MUST include the claim exp (which indicates when the JWT is no longer valid). Max life of the JWT is 60 seconds.

JWT MUST include the claim iss with value set to the current client_id.

JWT MUST include the claim aud, which is set to the URL of HelseID for the relevant environment. This value can be found in the «issuer» claim in our metadata; for our test environment the value is «https://helseid-sts.test.nhn.no», see https://helseid-sts.test.nhn.no/.well-known/openid-configuration.

The JWT MAY contain other parameters to the authorization endpoint in accordance with the specification.

EDIT 07.Dec.2020: JWT SHOULD include the claim client_id with value set to the current client_id.

EDIT 07.Dec.2020: JWT SHOULD include the claim jti with a value which “MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different JWT” (link) for the same issuer.

Note that the last two rules will be transitioned from “SHOULD” to “MUST”.
Example of signed Request Object JWT

    { JWK }.
    {
      "nbf": 1575463285,
      "exp": 1575463345,
      "iss": "some_client_id",
      "client_id": "some_client_id",
      "jti": "some_unique_value",
      "aud": "https://helseid-sts.nhn.no",
      "authorization_details": { LOOK BELOW FOR FORMAT }
    }.
    { SIGNATURE }
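The rules above are easiest to reason about as a checklist run by the receiving side. The following is an added example, not HelseID's own code, showing how a server could enforce them on the decoded header and claims of a Request Object: algorithm at least RS256, all required claims present, a lifetime of at most 60 seconds, iss and client_id equal to the client_id, aud equal to the HelseID issuer URL, and jti not reused for the same issuer. It uses only the Python standard library, so the RS256 signature itself is not verified here; a real implementation must verify the signature against the client's registered key before trusting any claim. The allowed algorithm set, the placeholder signature segment and the authorization_details content are assumptions made for the example.

```python
import base64
import json
import secrets

# Added example (not HelseID's own code): claim-level checks for a Request
# Object JWT as described on this page. Signature verification is out of scope
# here (no RSA in the stdlib) and must happen before these checks are trusted.

MAX_LIFETIME_SECONDS = 60
# "minimum RS256" is read here as RS256 or a stronger RSA-based algorithm
# (assumption); in particular "none" and HMAC algorithms are rejected.
ALLOWED_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
REQUIRED_CLAIMS = ("nbf", "exp", "iss", "aud", "client_id", "jti")


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_request_object(client_id: str, aud: str, now: int, authorization_details: dict) -> str:
    """Build a request object with the claims this page requires (constructed, unsigned)."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {
        "nbf": now,
        "exp": now + MAX_LIFETIME_SECONDS,   # max life is 60 seconds
        "iss": client_id,
        "client_id": client_id,
        "jti": secrets.token_urlsafe(16),    # negligible collision probability
        "aud": aud,
        "authorization_details": authorization_details,
    }
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(payload).encode())
    # Placeholder third segment; a real client signs signing_input with its private RSA key.
    return signing_input + ".PLACEHOLDER_SIGNATURE"


def check_request_object(token: str, client_id: str, expected_aud: str, now: int, seen_jti: set) -> list:
    """Return the list of rule violations; an empty list means the claims pass."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have three segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return ["header or payload is not valid base64url JSON"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["header and payload must be JSON objects"]

    errors = []
    if header.get("alg") not in ALLOWED_ALGS:
        errors.append("alg must be RS256 or stronger")
    errors += [f"missing claim {c}" for c in REQUIRED_CLAIMS if c not in payload]
    if errors:
        return errors

    nbf, exp = payload["nbf"], payload["exp"]
    if not (isinstance(nbf, int) and isinstance(exp, int)):
        return ["nbf and exp must be integer timestamps"]
    if exp <= nbf:
        errors.append("exp must be after nbf")
    elif exp - nbf > MAX_LIFETIME_SECONDS:
        errors.append("lifetime exceeds 60 seconds")
    if now < nbf:
        errors.append("token not yet valid")
    if now >= exp:
        errors.append("token expired")
    if payload["iss"] != client_id or payload["client_id"] != client_id:
        errors.append("iss and client_id must equal the client_id")
    if payload["aud"] != expected_aud:
        errors.append("aud must be the HelseID issuer URL")
    # jti uniqueness is scoped to the issuer, as the page states
    jti_key = (payload["iss"], payload["jti"])
    if jti_key in seen_jti:
        errors.append("jti already seen for this issuer (replay)")
    else:
        seen_jti.add(jti_key)
    return errors


if __name__ == "__main__":
    seen = set()
    aud = "https://helseid-sts.test.nhn.no"
    token = build_request_object("some_client_id", aud, 1575463285, {"type": "example"})
    print(check_request_object(token, "some_client_id", aud, 1575463295, seen))   # []
    print(check_request_object(token, "some_client_id", aud, 1575463295, seen))   # replay detected
```

The seen_jti set stands in for whatever replay store the server uses; entries can be dropped once the corresponding exp has passed, since the 60-second lifetime bounds how long a jti needs to be remembered.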
...