[Openid-specs-mobile-profile] Issue #153: Change examples to use public key crypto for auth (openid/mobile)

Dave Tonge issues-reply at bitbucket.org
Tue Feb 5 06:54:31 UTC 2019


New issue 153: Change examples to use public key crypto for auth
https://bitbucket.org/openid/mobile/issues/153/change-examples-to-use-public-key-crypto

Dave Tonge:

From Torsten:

> - section 7.2

> — bullet 1. "… It is RECOMMENDED that Clients not send shared secrets in the Authentication Request but rather that public key cryptography be used."

> I agree with this recommendation but all examples use shared secrets (Basic authz) to authenticate and authorize the respective RP. I suggest you change the examples to use public crypto.



