[Openid-specs-fapi] Issue #403: proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values (openid/fapi)
issues-reply at bitbucket.org
Wed Apr 28 14:14:22 UTC 2021
New issue 403: proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values
As per [https://gitlab.com/openid/conformance-suite/-/issues/886](https://gitlab.com/openid/conformance-suite/-/issues/886) the certification team intends to implement an additional test that sends multiple aud values in client assertions.
We’d likely send the normal aud and also `https://other1.example.com` and the server must accept that as valid. I guess this would be for FAPI-RW-ID2 tests and also FAPI1-Advanced-Final.
This is at least partly related to [https://bitbucket.org/openid/connect/issues/1213/private\_key\_jwt-client\_secret\_jwt-audience](https://bitbucket.org/openid/connect/issues/1213/private_key_jwt-client_secret_jwt-audience) which some RPs are working around by sending multiple aud values.
Any feedback/objections welcome.
More information about the Openid-specs-fapi