[Openid-specs-native-apps] Identifying applications.

John Bradley ve7jtb at ve7jtb.com
Wed Aug 6 23:15:54 UTC 2014


It seems that package names are not unique, and signing keys are per developer rather than per application on some, if not all, OSes.

If this is the case, do we need to use a combination of package name and signing key to identify the application making a request to the TA?

If the answer to that is yes, then we probably need more information from the app_info endpoint and to also send multiple claims to the token_endpoint for the AS to make the authorization decision.

That might best be done by having the azp parameter (or whatever it winds up being called) pass a JWT as its value.

Can people comment on what needs to be passed to uniquely identify an app on iOS, Android and Windows mobile?

Thanks
John B.
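
The following is an added example, not part of the original post or of any OpenID specification. It sketches the idea raised above: a JWT-valued azp that binds package name and signing key together, with the AS matching the pair rather than either value alone. The claim names `pkg` and `cert_sha256`, the HS256 key shared between TA and AS, and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_azp_jwt(key, package, signing_cert):
    """TA side: bind package name and signing-cert hash into one signed value."""
    header = {"alg": "HS256", "typ": "JWT"}
    # "pkg" and "cert_sha256" are hypothetical claim names, not from any spec.
    claims = {"pkg": package, "cert_sha256": hashlib.sha256(signing_cert).hexdigest()}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def authorize(key, azp_jwt, registered):
    """AS side: return the client_id only when the (pkg, cert) pair is registered."""
    try:
        head_b64, claims_b64, sig_b64 = azp_jwt.split(".")
        header = json.loads(_unb64(head_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None  # claims were altered or signed with another key
        claims = json.loads(_unb64(claims_b64))
        return registered.get((claims["pkg"], claims["cert_sha256"]))
    except (ValueError, KeyError, TypeError):
        return None  # malformed token: fail closed

# Constructed sample data: one registered app, keyed on the pair of values.
TA_KEY = b"constructed-demo-key"
DEV_A_CERT = b"constructed certificate bytes for developer A"
DEV_B_CERT = b"constructed certificate bytes for developer B"
REGISTERED = {("com.example.mail", hashlib.sha256(DEV_A_CERT).hexdigest()): "mail-client"}

def demo():
    cases = {
        "registered app": ("com.example.mail", DEV_A_CERT),
        "same package name, other developer": ("com.example.mail", DEV_B_CERT),
        "same developer key, other app": ("com.example.notes", DEV_A_CERT),
    }
    return {name: authorize(TA_KEY, make_azp_jwt(TA_KEY, pkg, cert), REGISTERED)
            for name, (pkg, cert) in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the first case resolves to a client; a lookup keyed on package name alone would accept the second, and one keyed on signing key alone would accept the third.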