cnf
Registry Context
The `cnf` claim contains confirmation data used to identify a proof-of-possession key for a JWT.
Technical Summary
RFC 7800 defines `cnf` as a JSON object containing members used to identify a proof-of-possession key, while allowing other confirmation methods to be defined. Unrecognized confirmation members are ignored unless application-specific requirements apply. The claim must represent only one proof-of-possession key.
When Used
When a JWT conveys confirmation information for a proof-of-possession key.
Normative Requirements
Implementations
RFC 7800 - Section 3.1
ignore all confirmation members they do not understand.
Condition: In the absence of application-specific requirements for processing those members
All confirmation members that are not understood by implementations MUST be ignored.
The `cnf` claim value
RFC 7800 - Section 3.1
represent only a single proof-of-possession key.
Condition: Always
The `cnf` claim value MUST represent only a single proof-of-possession key.
Validation Guidance
Verify that the `cnf` value represents no more than one proof-of-possession key; in particular, at most one of `jwk`, `jwe`, and `jku` may be present.
Ignore unrecognized confirmation members when no application-specific processing requirement applies.
Reference
Details
- Entry Id
cnf- Claim Name
cnf- Claim Description
Confirmation- Change Controller
IESG- Reference
RFC7800 - Section 3.1