[Openid-specs-fapi] Issue #403: proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values (openid/fapi)

josephheenan issues-reply at bitbucket.org
Wed Apr 28 14:14:22 UTC 2021


New issue 403: proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values
https://bitbucket.org/openid/fapi/issues/403/proposed-new-fapi-certification-test

Joseph Heenan:

As per [https://gitlab.com/openid/conformance-suite/-/issues/886](https://gitlab.com/openid/conformance-suite/-/issues/886) the certification team intends to implement an additional test that sends multiple aud values in client assertions.

We’d likely send the normal aud and also `https://other1.example.com` and the server must accept that as valid. I guess this would be for FAPI-RW-ID2 tests and also FAPI1-Advanced-Final.

This is at least partly related to [https://bitbucket.org/openid/connect/issues/1213/private\_key\_jwt-client\_secret\_jwt-audience](https://bitbucket.org/openid/connect/issues/1213/private_key_jwt-client_secret_jwt-audience) which some RPs are working around by sending multiple aud values.

Any feedback/objections welcome.



More information about the Openid-specs-fapi mailing list