[Openid-specs-fapi] Issue #352: nonce as PKCE alternative for OIDC flows (openid/fapi)
tlodderstedt
issues-reply at bitbucket.org
Sat Dec 12 11:55:12 UTC 2020
New issue 352: nonce as PKCE alternative for OIDC flows
https://bitbucket.org/openid/fapi/issues/352/nonce-as-pkce-alternative-for-oidc-flows
Torsten Lodderstedt:
AS clause 11 currently states:
"shall require PKCE [@!RFC7636] with `S256` as the code challenge method"
The Security BCP and the OAuth 2.1 draft allow the use of nonce as an alternative to PKCE for confidential clients. This especially makes sense if the client is an OIDC RP.
I suggest we add this alternative to FAPI 2 baseline as well.
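The two bindings the issue compares, shown side by side as an added example (constructed here, not code from the FAPI specification or from any library): the authorization server's PKCE `S256` check from RFC 7636 and the relying party's nonce check on the ID token. Function names, the claim values and the session handling are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed example: both checks tie an authorization code to the client
# session that started the flow, so a code obtained elsewhere is rejected.

def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def as_verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization server side: the token request must present the verifier
    that matches the challenge recorded with the code. Only S256 is accepted."""
    if method != "S256":
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)

def rp_verify_nonce(session_nonce: str, id_token_claims: dict) -> bool:
    """Relying party side: the nonce claim in the ID token must equal the value
    the RP generated for this browser session and sent in the authorization
    request. A code from another session yields a non-matching nonce."""
    claim = id_token_claims.get("nonce")
    return isinstance(claim, str) and hmac.compare_digest(claim, session_nonce)

def demo() -> dict:
    # Client starts a flow with a fresh verifier and a fresh nonce (hypothetical session).
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    nonce = secrets.token_urlsafe(16)
    challenge = s256_challenge(verifier)  # sent as code_challenge; AS stores it with the code
    # Constructed ID tokens: one issued for this session, one for a different session.
    own_claims = {"iss": "https://as.example", "sub": "alice", "nonce": nonce}
    foreign_claims = {"iss": "https://as.example", "sub": "bob", "nonce": "other-session"}
    return {
        "pkce_ok": as_verify_pkce(challenge, "S256", verifier),
        "pkce_wrong_verifier": as_verify_pkce(challenge, "S256", "some-other-verifier"),
        "pkce_plain_rejected": as_verify_pkce(challenge, "plain", verifier),
        "nonce_ok": rp_verify_nonce(nonce, own_claims),
        "nonce_foreign": rp_verify_nonce(nonce, foreign_claims),
        "nonce_missing": rp_verify_nonce(nonce, {"iss": "https://as.example"}),
    }

if __name__ == "__main__":
    print(demo())
```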