[Openid-specs-ab] Issue #1284: Require Sender Constrained Tokens (openid/connect)

Edmund Jay issues-reply at bitbucket.org
Mon Aug 16 20:16:16 UTC 2021


New issue 1284: Require Sender Constrained Tokens
https://bitbucket.org/openid/connect/issues/1284/require-sender-constrained-tokens

Edmund Jay:

Comments from TL regarding original Credential Provider spec:

It seems the OP is required to issue an access token good to obtain credentials bound to arbitrary DIDs. This means that this access token is a very powerful credential. I think bearer tokens are not suitable in this case and recommend to make sender constrained access tokens (using mTLS or DPoP) mandatory.
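
The check a credential endpoint would run to enforce the recommendation above, as an added example that is not part of the original message or of the specification under discussion: the token's `cnf` claim must match the certificate (mTLS, RFC 8705) or the public key (DPoP, via an RFC 7638 JWK thumbprint) the caller has just proven possession of. Function names and all sample values are constructed; the sketch assumes the token itself and the TLS handshake or DPoP proof signature were already validated.

```python
import base64
import hashlib
import hmac
import json

# Members that enter an RFC 7638 JWK thumbprint, per key type.
_REQUIRED = {"EC": ("crv", "kty", "x", "y"),
             "RSA": ("e", "kty", "n"),
             "OKP": ("crv", "kty", "x")}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint (RFC 7638): required members only, sorted, no whitespace."""
    canonical = json.dumps({m: jwk[m] for m in _REQUIRED[jwk["kty"]]},
                           separators=(",", ":"), sort_keys=True)
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def cert_thumbprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate, as carried in cnf["x5t#S256"] (RFC 8705)."""
    return _b64url(hashlib.sha256(cert_der).digest())

def sender_constraint_ok(claims: dict, client_cert_der=None, dpop_jwk=None) -> bool:
    """True only if the token is bound to the key the caller just proved possession of.

    Assumption: the caller has already validated the token itself and either
    completed the mutual-TLS handshake (client_cert_der) or verified the DPoP
    proof signature (dpop_jwk is the public key from that proof's header).
    """
    cnf = claims.get("cnf") or {}
    if "x5t#S256" in cnf:   # mTLS-bound token
        return client_cert_der is not None and hmac.compare_digest(
            str(cnf["x5t#S256"]), cert_thumbprint(client_cert_der))
    if "jkt" in cnf:        # DPoP-bound token
        return dpop_jwk is not None and hmac.compare_digest(
            str(cnf["jkt"]), jwk_thumbprint(dpop_jwk))
    return False            # no cnf claim: plain bearer token, refused

# Constructed sample data (placeholder key material, not real keys or certificates).
HOLDER_JWK = {"kty": "EC", "crv": "P-256", "x": "aG9sZGVyLXg", "y": "aG9sZGVyLXk", "kid": "h1"}
OTHER_JWK = {"kty": "EC", "crv": "P-256", "x": "b3RoZXIteA", "y": "b3RoZXIteQ"}
HOLDER_CERT = b"constructed DER bytes: holder"
DPOP_TOKEN = {"sub": "wallet-1", "cnf": {"jkt": jwk_thumbprint(HOLDER_JWK)}}
MTLS_TOKEN = {"sub": "wallet-1", "cnf": {"x5t#S256": cert_thumbprint(HOLDER_CERT)}}
BEARER_TOKEN = {"sub": "wallet-1"}
```

A token without a `cnf` claim is refused outright here, which is what making sender constraint mandatory amounts to at the resource side.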


