[Openid-specs-fapi] Issue #113: awkward logic around client support for OAUTB or MTLS (openid/fapi)

Brian Campbell issues-reply at bitbucket.org
Thu Jul 6 20:50:39 UTC 2017


New issue 113: awkward logic around client support for OAUTB or MTLS
https://bitbucket.org/openid/fapi/issues/113/awkward-logic-around-client-support-for

Brian Campbell:

Part 2 section 5.2.3 Public Client has "shall support OAUTB as a holder of key mechanism;" and then 5.2.4 Confidential Client has "In addition to the provision to the Public Client and the provisions of clause 5.2.3, the Confidential Client [...] shall support OAUTB or MTLS as a holder of key mechanism;" 

I think I understand the intent that a public client needs to do OAUTB while a confidential client needs to do either OAUTB or MTLS. But the way that it reads, in trying to translate that text into logic, it might suggest that support of OAUTB is the only thing that fulfills the requirement because 5.2.3 has "shall support OAUTB" and 5.2.4 picks up that provision.
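The two readings described in the message above can be checked mechanically. The following is an added example, not part of the original message or of the FAPI specification; the function names are hypothetical, and the predicates model only the two quoted "shall support" provisions.

```python
from itertools import combinations

# Holder-of-key mechanisms named in the issue.
MECHANISMS = ("OAUTB", "MTLS")

def public_5_2_3(supported):
    # 5.2.3: "shall support OAUTB as a holder of key mechanism"
    return "OAUTB" in supported

def confidential_own_5_2_4(supported):
    # 5.2.4: "shall support OAUTB or MTLS as a holder of key mechanism"
    return "OAUTB" in supported or "MTLS" in supported

def confidential_literal(supported):
    # Literal reading: 5.2.4 applies "in addition to" the provisions of
    # 5.2.3, so both requirements must hold at once.
    return public_5_2_3(supported) and confidential_own_5_2_4(supported)

def confidential_intended(supported):
    # Intended reading as the issue describes it: either mechanism suffices.
    return confidential_own_5_2_4(supported)

def all_capability_sets():
    # Every combination of mechanisms a client could implement.
    return [frozenset(c)
            for r in range(len(MECHANISMS) + 1)
            for c in combinations(MECHANISMS, r)]

def conformant(rule):
    return {s for s in all_capability_sets() if rule(s)}

def divergence():
    # Capability sets accepted by the intended reading but rejected
    # by the literal one.
    return conformant(confidential_intended) - conformant(confidential_literal)

if __name__ == "__main__":
    for s in sorted(divergence(), key=sorted):
        print("conformant only under the intended reading:", sorted(s))
    same = conformant(confidential_literal) == conformant(public_5_2_3)
    print("literal 5.2.4 accepts exactly what 5.2.3 accepts:", same)
```

Under the literal reading the "or MTLS" alternative changes nothing: the only client the two readings disagree on is the MTLS-only confidential client.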



