[Openid-specs-fapi] Public Client Support

Dave Tonge dave.tonge at momentumft.co.uk
Wed Jan 2 15:26:07 UTC 2019


We very briefly discussed the issue of Public Client support on the call
today and I said I'd email the list.

We have two issues open:

From my perspective the key argument to remove support for public clients is:
*It is harder to implement secure public clients, the spec would be simpler
if we just removed support.*

The key argument to include support is:
*The FAPI specs are not just for use in PSD2 style APIs where a
confidential client is required. Rather the specs are intended to also
support first party clients, for example a bank or TPP implementing its own
app. People will implement such apps using public clients so we should
provide guidance on how to do it securely.*

It would be good to get feedback from the list on this.


Dave Tonge