[Openid-specs-fapi] Public Client Support
dave.tonge at momentumft.co.uk
Wed Jan 2 15:26:07 UTC 2019
Dear FAPI WG
We very briefly discussed the issue of Public Client support on the call
today and I said I'd email the list.
We have two issues open:
From my perspective the key argument to remove support for public clients is:
*It is harder to implement secure public clients, the spec would be simpler
if we just removed support.*
The key argument to include support is:
*The FAPI specs are not just for use in PSD2 style APIs where a
confidential client is required. Rather the specs are intended to also
support first party clients, for example a bank or TPP implementing its own
app. People will implement such apps using public clients so we should
provide guidance on how to do it securely.*
It would be good to get feedback from the list on this.