[Openid-specs-ab] Issue #1164: insecure front-channel use of private_key_jwt client authentication (openid/connect)
Brian Campbell
issues-reply at bitbucket.org
Fri Apr 17 21:48:57 UTC 2020
New issue 1164: insecure front-channel use of private_key_jwt client authentication
https://bitbucket.org/openid/connect/issues/1164/insecure-front-channel-use-of
Brian Campbell:
“At a minimum openid-connect-federation needs to acknowledge that it's misusing private\_key\_jwt and do something to mitigate the security problem.”
Please see [https://github.com/oauthstuff/draft-oauth-par/issues/41](https://github.com/oauthstuff/draft-oauth-par/issues/41) but particularly the comments at [https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615081283](https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615081283) and [https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615475230](https://github.com/oauthstuff/draft-oauth-par/issues/41#issuecomment-615475230)
More information about the Openid-specs-ab
mailing list