[Openid-specs-mobile-profile] CIBA - Backchannel Authentication Endpoint and OIDC request object endpoint

Nat Sakimura n-sakimura at nri.co.jp
Fri May 12 05:41:39 UTC 2017


Hi

 

OIDC core defines request_uri. It does not define a particular way of
setting up the endpoint that receives request object but just says that it
needs to save the request object. 

 

CIBA's Backchannel Authentication Endpoint is very close to it except that
it is not accepting the signed JWS. 

FAPI Part 2 defined an endpoint at the AS that saves the request object. 

See
https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md?at=mast
er
<https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md?at=mas
ter&fileviewer=file-view-default#markdown-header-7-request-object-endpoint>
&fileviewer=file-view-default#markdown-header-7-request-object-endpoint

I and John were talking of propagating it to OAuth JAR as well. 

 

I kind of feel that these can be harmonized. Is there any appetite to do so
in Modrna WG? 

 

 

--

PLEASE READ :This e-mail is confidential and intended for the

named recipient only. If you are not an intended recipient,

please notify the sender  and delete this e-mail.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170512/d9ea59b0/attachment.html>


More information about the Openid-specs-mobile-profile mailing list