[Openid-specs-fapi] Issue #88: Sender constraining the code (openid/fapi)
Nat Sakimura
issues-reply at bitbucket.org
Wed May 3 07:12:11 UTC 2017
New issue 88: Sender constraining the code
https://bitbucket.org/openid/fapi/issues/88/sender-constraining-the-code
Nat Sakimura:
For AS that provides request object registration endpoint, the AS can actually bind the `code` to the client certificate that was used to authenticate at the request object registration endpoint. This mitigates the `code` phishing attack.
More information about the Openid-specs-fapi
mailing list