[Openid-specs-fapi] Issue #341: Free DPoP (openid/fapi)

Brian Campbell issues-reply at bitbucket.org
Wed Nov 18 21:28:30 UTC 2020


New issue 341: Free DPoP
https://bitbucket.org/openid/fapi/issues/341/free-dpop

Brian Campbell:

Baseline has "shall only issue sender-constrained access tokens using Mutual TLS as described in \[@!RFC8705\]" for servers and "shall support sender-constrained access tokens using Mutual TLS as described in \[@!RFC8705\]" for clients. 

Why not allow for DPoP too? 

MTLS just isn't accessible in a lot of cases and mandating it is severely limiting the applicability of FAPI2.




More information about the Openid-specs-fapi mailing list