[Openid-specs-fapi] Issue #172: Add Guidance for the use of FAPI for payments (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Mon Sep 10 04:28:05 UTC 2018


New issue 172: Add Guidance for the use of FAPI for payments
https://bitbucket.org/openid/fapi/issues/172/add-guidance-for-the-use-of-fapi-for

Dave Tonge:

Payments are interesting from an OAuth perspective and there are many mistakes that implementers may make, for example:

 - Executing the payment immediately after user authorisation rather than waiting for the RP to exchange the auth code for a token and hit a "confirm" or "complete" endpoint
 - Using a scope value to represent a staged payment resource, but not adequately protecting that scope value
 
I suggest that we add some guidance around these issues.
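The following sketch is an added illustration, not part of the issue text or of any FAPI specification. It models a staged payment that moves money only at a confirm step reached with a token, and refuses a scope value naming a payment the requesting client did not stage, which is one possible reading of "protecting that scope value". The `Bank` class, the `payment:<id>` scope format and all method names are assumptions made for the example.

```python
import secrets

class PaymentError(Exception):
    pass

class Bank:
    """Toy authorisation server plus payments API (constructed for illustration)."""
    def __init__(self):
        self.payments = {}  # payment_id -> {"client", "amount", "payee", "state"}
        self.codes = {}     # auth code -> (client_id, payment_id)
        self.tokens = {}    # access token -> (client_id, payment_id)

    def stage(self, client_id, amount, payee):
        pid = secrets.token_urlsafe(8)
        self.payments[pid] = {"client": client_id, "amount": amount,
                              "payee": payee, "state": "STAGED"}
        return pid

    def authorise(self, client_id, scope, user_consents):
        # Hypothetical scope format: "payment:<id>".
        prefix, _, pid = scope.partition(":")
        p = self.payments.get(pid)
        # Reject a scope that names a payment staged by a different client.
        if prefix != "payment" or p is None or p["client"] != client_id:
            raise PaymentError("scope does not name a payment staged by this client")
        if p["state"] != "STAGED" or not user_consents:
            raise PaymentError("payment cannot be authorised")
        p["state"] = "AUTHORISED"  # consent recorded only; no money moves here
        code = secrets.token_urlsafe(8)
        self.codes[code] = (client_id, pid)
        return code

    def token(self, client_id, code):
        owner, pid = self.codes.pop(code, (None, None))  # codes are single-use
        if owner != client_id:
            raise PaymentError("invalid authorisation code")
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = (client_id, pid)
        return tok

    def confirm(self, access_token, pid):
        _, bound = self.tokens.get(access_token, (None, None))
        p = self.payments.get(pid)
        # Execute only with a token bound to this payment, after authorisation.
        if p is None or bound != pid or p["state"] != "AUTHORISED":
            raise PaymentError("token is not valid for this payment")
        p["state"] = "EXECUTED"
        return p
```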



