
Commit

Tweak language
jonathan-r-thorpe committed Nov 13, 2024
1 parent a7fb70b commit 0b8d43d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/Behaviour - Resource Servers.md
Expand Up @@ -22,6 +22,7 @@ Resource Servers SHOULD attempt to verify tokens against all keys presented at t
endpoint. All valid JWK's SHOULD be tried until the token is verified or until no keys are left.

Where a Resource Server has no matching public key for a given token, it SHOULD attempt to obtain the missing public key
from the Authorization Server's "jwks_uri" property, which can be discovered at the server metadata endpoint
via the the token `iss` claim as specified in [RFC 8414][RFC-8414] section 3. In cases where the Resource Server needs
to fetch a public key from a remote Authorization Server it MAY temporarily respond with an HTTP 503 code in order to
avoid blocking the incoming authorized request. When a HTTP 503 code is used, the Resource Server SHOULD include an
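
Review bot: The sentence that has the Resource Server discover "jwks_uri" "via the the token `iss` claim" takes the issuer from a token whose signature has not yet been verified, and nothing in this paragraph limits which issuers the Resource Server will contact or whose keys it will accept. Suggest stating that the Resource Server SHOULD only perform metadata discovery for `iss` values it is already configured to trust, and SHOULD confirm that the `issuer` value in the returned metadata matches the `iss` it started from, as RFC 8414 section 3.3 requires. The same line also contains a duplicated word, "the the".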
