[Openid-specs-ab] Issue #2172: [Native SSO] Confidential as well as public clients can be supported (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Thu Dec 19 09:41:40 UTC 2024
New issue 2172: [Native SSO] Confidential as well as public clients can be supported
https://bitbucket.org/openid/connect/issues/2172/native-sso-confidential-as-well-as-public
Vladimir Dzhuvinov:
The following paragraph implies that the native SSO is for confidential clients, but public clients can work equally well.
https://openid.net/specs/openid-connect-native-sso-1_0.html#section-4.1
> The client authenticates using its registered token endpoint client authentication method. This could range from HTTP Basic Authentication, to OpenID Connect defined private_key_jwt. The AS must be able to obtain the client_id of the requesting mobile app (mobile app #2) from the client authentication method.
Proposed text:
> The AS obtains the `client_id` of the requesting mobile app - for a public client from the `client_id` token request parameter, for a confidential client from the validated client authentication.
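
Added example, not part of the original message or of the Native SSO specification: a sketch of how an AS token endpoint could resolve the `client_id` along the lines of the proposed text, refusing a bare `client_id` parameter for a client registered as confidential. The registry, client ids, secret and the `resolve_client_id` / `InvalidClient` names are constructed for illustration, and only HTTP Basic is shown for the confidential case.

```python
import base64
import hmac
from urllib.parse import unquote_plus

# Constructed client registry; the ids and the secret are sample values.
CLIENTS = {
    "app2-public": {"token_endpoint_auth_method": "none"},
    "app2-confidential": {"token_endpoint_auth_method": "client_secret_basic",
                          "client_secret": "s3cr3t-sample"},
}


class InvalidClient(Exception):
    """Maps to the OAuth 2.0 invalid_client error."""


def resolve_client_id(headers: dict, form: dict) -> str:
    """Return the client_id the AS should bind the token request to."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            raw = base64.b64decode(auth[6:], validate=True).decode("utf-8")
        except ValueError as exc:
            raise InvalidClient("malformed Basic credentials") from exc
        user, _, password = raw.partition(":")
        # RFC 6749 section 2.3.1: id and secret are form-urlencoded first.
        client_id, secret = unquote_plus(user), unquote_plus(password)
        client = CLIENTS.get(client_id)
        if not client or client["token_endpoint_auth_method"] != "client_secret_basic":
            raise InvalidClient("client not registered for Basic auth")
        if not hmac.compare_digest(secret.encode(), client["client_secret"].encode()):
            raise InvalidClient("bad client secret")
        # A client_id parameter, if sent, must agree with the authenticated one.
        if form.get("client_id", client_id) != client_id:
            raise InvalidClient("client_id parameter does not match credentials")
        return client_id
    # No client authentication: only a registered public client may be named.
    client_id = form.get("client_id", "")
    client = CLIENTS.get(client_id)
    if not client or client["token_endpoint_auth_method"] != "none":
        raise InvalidClient("client authentication required")
    return client_id
```
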