[Openid-specs-ab] Issue #1750: PKCE and pre-auth code flow in VCI (openid/connect)

Tom Jones thomasclinganjones at gmail.com
Tue Dec 13 05:14:58 UTC 2022


There are 2000 new vulnerabilities posted by CISA every month. About 15% of
those are severe.
How is it that you think OIDF can be in the business of posting
mitigations?
https://www.cvedetails.com/vulnerabilities-by-types.php
This is why I opposed the addition of attack models to the FAPI docs. Now
you are going down the same rathole?
These mitigations will be obsolete before the std is approved.

..tom


On Wed, Dec 7, 2022 at 9:39 PM Kristina Yasuda via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> New issue 1750: PKCE and pre-auth code flow in VCI
>
> https://bitbucket.org/openid/connect/issues/1750/pkce-and-pre-auth-code-flow-in-vci
>
> Kristina Yasuda:
>
> (following [Joseph’s comment](https://bitbucket.org/openid/connect/pull-requests/372#comment-351680555))
> “I don’t think PKCE can be used with the pre-authorised code flow, we
> should probably explicitly state that (and perhaps mention alternative
> mitigations).”