[Openid-specs-ab] Issue #1164: insecure front-channel use of private_key_jwt client authentication (openid/connect)

Brian Campbell issues-reply at bitbucket.org
Fri Apr 17 21:48:57 UTC 2020


New issue 1164: insecure front-channel use of private_key_jwt client authentication
https://bitbucket.org/openid/connect/issues/1164/insecure-front-channel-use-of

Brian Campbell:

“At a minimum openid-connect-federation needs to acknowledge that it's misusing private_key_jwt and do something to mitigate the security problem.”

Please see https://github.com/oauthstuff/draft-oauth-par/issues/41 but particularly the comments at https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615081283 and https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615475230
