[Openid-specs-fapi] Issue #341: Free DPoP (openid/fapi)
issues-reply at bitbucket.org
Wed Nov 18 21:28:30 UTC 2020
New issue 341: Free DPoP
Baseline has "shall only issue sender-constrained access tokens using Mutual TLS as described in \[@!RFC8705\]" for servers and "shall support sender-constrained access tokens using Mutual TLS as described in \[@!RFC8705\]" for clients.
Why not allow for DPoP too?
MTLS just isn't accessible in a lot of cases and mandating it is severely limiting the applicability of FAPI2.
More information about the Openid-specs-fapi