New issue 137: Eliminate use of public clients https://bitbucket.org/openid/fapi/issues/137/eliminate-use-of-public-clients tomcjones: It should be self-evident that any API allowing money to be diverted should not be allowed from a public client