[Openid-specs-fapi] The FAPI Security Model - Under Fire

Anders Rundgren anders.rundgren.net at gmail.com
Fri Feb 23 07:53:52 UTC 2018


Hi FAPIers,

As a curious person I have always wondered how Open Banking/PISP/SCA would combine with Amazon's famous one-click checkout.

Various LinkedIn and Slack conversations have revealed the (ugly?) truth.

The intention (at least in the UK) is giving OAuth tokens "eternal life" and rather letting PISPs (Amazon is expected to be one) deal with payer authorization. This faithfully emulates the "card-on-file" system that powers most US-based super providers.

Cheers,
Anders

