[Openid-specs-fapi] Issue #172: Add Guidance for the use of FAPI for payments (openid/fapi)
Dave Tonge
issues-reply at bitbucket.org
Mon Sep 10 04:28:05 UTC 2018
New issue 172: Add Guidance for the use of FAPI for payments
https://bitbucket.org/openid/fapi/issues/172/add-guidance-for-the-use-of-fapi-for
Dave Tonge:
Payments are interesting from an OAuth perspective and there are many mistakes that implementers may make, for example:
- Executing the payment immediately after user authorisation rather than waiting for the RP to exchange the auth code for a token and hit a "confirm" or "complete" endpoint
- Using a scope value to represent a staged payment resource, but not adequately protecting that scope value
I suggest that we add some guidance around these issues.
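
The following sketch is an added example, not part of the original issue or of any FAPI specification. It is a toy in-memory model of the two points listed above: user authorisation only records consent, execution waits for the code exchange plus an explicit confirm call, and the scope value is unguessable and bound to the client that staged the payment. The class `PaymentAS`, its method names and the `payment:<id>` scope format are all hypothetical.

```python
import secrets

class PaymentAS:
    """Toy authorisation server plus payment API (constructed model, hypothetical names)."""

    def __init__(self):
        self.payments = {}  # payment id -> {"client", "amount", "state"}
        self.codes = {}     # authorisation code -> payment id
        self.tokens = {}    # access token -> payment id

    def stage(self, client_id, amount):
        # The scope value names this resource, so the id must be unguessable.
        pid = secrets.token_urlsafe(16)
        self.payments[pid] = {"client": client_id, "amount": amount, "state": "staged"}
        return pid

    def authorize(self, client_id, scope, user_approves):
        prefix, _, pid = scope.partition(":")
        p = self.payments.get(pid)
        # Refuse a scope that names a payment staged by a different client.
        if prefix != "payment" or p is None or p["client"] != client_id or p["state"] != "staged":
            raise PermissionError("scope does not name a payment staged by this client")
        if not user_approves:
            raise PermissionError("user declined")
        p["state"] = "authorised"  # consent recorded; nothing is executed here
        code = secrets.token_urlsafe(16)
        self.codes[code] = pid
        return code

    def token(self, client_id, code):
        pid = self.codes.pop(code, None)  # codes are single use
        if pid is None or self.payments[pid]["client"] != client_id:
            raise PermissionError("invalid code for this client")
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = pid
        return tok

    def confirm(self, access_token, pid):
        p = self.payments.get(pid)
        # Execute only for a token issued for this exact payment, and only once.
        if p is None or self.tokens.get(access_token) != pid or p["state"] != "authorised":
            raise PermissionError("token not valid for this payment")
        p["state"] = "executed"
        return p["state"]
```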