[Openid-specs-fapi] Issue #60: Only one method to Token Bind AT rather than two? (openid/fapi)
issues-reply at bitbucket.org
Mon Jan 16 06:58:49 UTC 2017
New issue 60: Only one method to Token Bind AT rather than two?
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-01 supports two ways to token bind the access token. The standard way, and the alternative way:
the client to generate a Token Binding key to use for the protected
resource, use the Token Binding ID for that key, and then later use
that key when the TLS connection to the protected resource is
(Source) Last Para of Section 3 of draft-ietf-oauth-token-binding-01
The question here is that should we support this alternative way or do we just requrie the standard way?
More information about the Openid-specs-fapi