[Openid-specs-fapi] Issue #321: Editorial: Language describing acceptable token endpoint authentication mechanisms. (openid/fapi)
issues-reply at bitbucket.org
Wed Sep 30 16:27:44 UTC 2020
New issue 321: Editorial: Language describing acceptable token endpoint authentication mechanisms.
Given that one describes a specific mechanism support by name shouldn’t for consistency this read
1. tls\_client\_auth or `self_signed_tls_client_auth` as specified in section 2 of MTLS. Also isn’t private\_key\_jwt meant to be in grey?
shall authenticate the confidential client using one of the following methods \(this overrides FAPI part 1 clause 188.8.131.52\):
1. Mutual TLS for OAuth Client Authentication as specified in section 2 of [MTLS](https://tools.ietf.org/html/rfc8705);
2. `private_key_jwt` as specified in section 9 of [OIDC](http://openid.net/specs/openid-connect-core-1_0.html);
More information about the Openid-specs-fapi