[Openid-specs-fapi] Issue #88: Sender constraining the code (openid/fapi)

Nat Sakimura issues-reply at bitbucket.org
Wed May 3 07:12:11 UTC 2017

New issue 88: Sender constraining the code

Nat Sakimura:

For AS that provides request object registration endpoint, the AS can actually bind the `code` to the client certificate that was used to authenticate at the request object registration endpoint. This mitigates the `code` phishing attack.

More information about the Openid-specs-fapi mailing list