ConfirmationClaim

RFC 7800: When the key held by the presenter is a symmetric key, the encryptedSymmetricKey member is an encrypted JsonWebKey encrypted to a key known to the recipient using the JWE Compact Serialization containing the symmetric key.

RFC 7800: When the key held by the presenter is an asymmetric private key, the jsonWebKey member is a JsonWebKey representing the corresponding asymmetric public key.

RFC 7800: The proof-of-possession key can be passed by reference instead of being passed by value. This is done using the "jku" member. Its value is a URI (RFC3986) that refers to a resource for a set of JSON- encoded public keys represented as a JsonWebKeySet, one of which is the proof-of-possession key. If there are multiple keys in the referenced JWK Set document, a keyId member MUST also be included with the referenced key's JWK also containing the same keyId value.

RFC 9449: JWK SHA-256 Thumbprint confirmation method. The value of the jsonWebKeyThumbprint member MUST be the base64url encoding (as defined in RFC7515) of the JWK SHA-256 Thumbprint (according to RFC7638) of the DPoP public key (in JWK format) to which the access token is bound.

RFC 7800: The proof-of-possession key can also be identified by the use of a Key ID instead of communicating the actual key, provided the recipient is able to obtain the identified key using the Key ID.