[Openid-specs-fapi] Issue #185: PKCE or Part2 mechanisms? (openid/fapi)
issues-reply at bitbucket.org
Sun Nov 4 20:35:57 UTC 2018
New issue 185: PKCE or Part2 mechanisms?
FAPI Part 1, 5.2.3. Public client, 1. says as follows:
> 1. shall support [RFC7636] or the mechanisms defined in Financial-grade API - Part 2;
This can be interpreted like _"RFC 7636 is not necessary if the mechanisms defined in Financial-grade API - Part 2 are used"_.
If this interpretation is acceptable, the specification needs to explain explicitly what "the mechanisms" mean. For example, "signed request object".
Otherwise, if the interpretation is not acceptable, _"or the mechanisms defined in Financial-grade API - Part 2"_ should be removed from the specification.
More information about the Openid-specs-fapi