[Openid-specs-fapi] Issue #245: FAPI-CIBA: Client Authentication at Backchannel Authentication Endpoint (openid/fapi)

Takahiko Kawasaki issues-reply at bitbucket.org
Wed Jul 3 01:25:02 UTC 2019


New issue 245: FAPI-CIBA: Client Authentication at Backchannel Authentication Endpoint
https://bitbucket.org/openid/fapi/issues/245/fapi-ciba-client-authentication-at

Takahiko Kawasaki:

It would be kind to state explicitly that client authentication at the backchannel authentication endpoint should follow the guidance written in the FAPI spec, especially about the natural conclusion that the following are affected by FAPI requirements.

1. **Client authentication method** (`client_secret_basic` and `client_secret_post` are not allowed. `client_secret_jwt` is not allowed for Read-and-Write. `private_key_jwt`, `tls_client_auth`, `self_signed_tls_client_auth` are allowed for both Read-Only and Read-and-Write)
2. **Size of signing key** of client assertion (RSA: 2048 or larger, EC: 160 or larger)
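A server-side policy check covering the two points above, added here as an example and not taken from the issue, the FAPI spec or any implementation; the Read-Only/Read-and-Write split, every function and constant name, and the sample JWKs are this example's own assumptions and constructions:

```python
import base64
from typing import Dict, List, Optional

# Assumed profile split: FAPI Read-Only vs Read-and-Write (names are this example's own).
READ_ONLY_METHODS = {"client_secret_jwt", "private_key_jwt",
                     "tls_client_auth", "self_signed_tls_client_auth"}
READ_WRITE_METHODS = {"private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth"}
MIN_RSA_BITS = 2048            # size floor for RSA client-assertion signing keys
MIN_EC_BITS = 160              # size floor for EC client-assertion signing keys
EC_CURVE_BITS = {"P-256": 256, "P-384": 384, "P-521": 521, "secp256k1": 256}

def _b64url_decode(value: str) -> bytes:
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwk_key_bits(jwk: Dict[str, str]) -> int:
    """Return the effective key size of a JWK (RSA modulus length or EC curve size)."""
    if jwk.get("kty") == "RSA":
        return int.from_bytes(_b64url_decode(jwk["n"]), "big").bit_length()
    if jwk.get("kty") == "EC":
        return EC_CURVE_BITS.get(jwk.get("crv", ""), 0)   # unknown curve -> 0, rejected
    raise ValueError(f"unsupported kty: {jwk.get('kty')}")

def check_client_auth(method: str, read_write: bool,
                      jwk: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the list of policy violations for one backchannel request (empty = passes)."""
    problems = []
    allowed = READ_WRITE_METHODS if read_write else READ_ONLY_METHODS
    if method not in allowed:
        problems.append(f"client authentication method {method!r} not permitted")
    if method == "private_key_jwt":          # the asymmetric key-size rule applies here
        if jwk is None:
            problems.append("private_key_jwt requires the client's signing JWK")
        else:
            floor = MIN_RSA_BITS if jwk.get("kty") == "RSA" else MIN_EC_BITS
            bits = jwk_key_bits(jwk)
            if bits < floor:
                problems.append(f"{jwk['kty']} signing key is {bits} bits, minimum {floor}")
    return problems

# Constructed sample JWKs: all-ones moduli, since only the bit length matters here.
SAMPLE_RSA_2048 = {"kty": "RSA", "n": _b64url_encode(b"\xff" * 256), "e": "AQAB"}
SAMPLE_RSA_1024 = {"kty": "RSA", "n": _b64url_encode(b"\xff" * 128), "e": "AQAB"}
SAMPLE_EC_P256 = {"kty": "EC", "crv": "P-256"}   # x/y omitted, not read by the check
```

Calling `check_client_auth("private_key_jwt", True, SAMPLE_RSA_1024)` reports the undersized key, while the same call with `SAMPLE_RSA_2048` returns an empty list.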
