[Openid-specs-fapi] Issue #131: client_id supplied in request body should match the one supplied elsewhere (openid/fapi)
Joseph Heenan
issues-reply at bitbucket.org
Mon Jan 29 15:30:55 UTC 2018
New issue 131: client_id supplied in request body should match the one supplied elsewhere
https://bitbucket.org/openid/fapi/issues/131/client_id-supplied-in-request-body-should
Joseph Heenan:
As per discussions here:
https://www.ietf.org/mail-archive/web/oauth/current/threads.html#17751
and here:
https://openbanking.atlassian.net/wiki/spaces/WOR/pages/89882922/118
It sounds like we should have an explicit clause requiring the AS to verify that the client_id supplied in the request body matches any one provided elsewhere.
More information about the Openid-specs-fapi
mailing list