[Openid-specs-fapi] Issue #88: Sender constraining the code (openid/fapi)
issues-reply at bitbucket.org
Wed May 3 07:12:11 UTC 2017
New issue 88: Sender constraining the code
For AS that provides request object registration endpoint, the AS can actually bind the `code` to the client certificate that was used to authenticate at the request object registration endpoint. This mitigates the `code` phishing attack.
More information about the Openid-specs-fapi