Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If authenticating the user by using a signed JWT, the client includes the following fields in the JWT described in section 3.2.5.1.2.1:
grant_type (REQUIRED): "urn:ietf:params:oauth:grant-type:jwt-bearer"
assertion (REQUIRED): A signed JWT used to authenticate the user.
-
The JWT fields for the JWT provided in the assertion field MUST be given the following values:
-
iss (REQUIRED): The username of the user for which the primary refresh token is requested.
-
iat (REQUIRED): See [OIDCCore] section 2.
-
exp (REQUIRED): See [OIDCCore] section 2.
-
aud (REQUIRED): The Issuer Identifier ([OIDCCore] section 1.2) of the server that the client is sending the request to.
-
request_nonce (REQUIRED): This is the same value as request_nonce as contained in the request body (section 3.2.5.1.2.1).
-
-
Note: The request_nonce value is supported in the assertion field by the operating systems specified in [MSFT-CVE-2023-35348], each with its related KB article download installed.
-
The signature header fields of the assertion field MUST be given the following values:
-
typ (REQUIRED): "JWT"
-
alg (REQUIRED): "RS256"
-
kid (REQUIRED): The identifier for the key used to sign the request.
-
use (REQUIRED): "ngc"
-