[Openid-specs-fapi] How best to combine PAR with Device Flow to help with x2Web flow to receive authorisation code
Anders Rundgren
anders.rundgren.net at gmail.com
Thu Dec 8 05:38:53 UTC 2022
On 2022-12-07 23:18, Nicholas Irving via Openid-specs-fapi wrote:
> Morning
> We have a problem where we don't want to allow web access to our IDP, instead push them to App via a QR Code. However it is not clear if a Pushed Authorisation Request can participate in that flow so that we can get claims for IDMVP.
>
> Yes this is an Authorisation Server issue that I would like to solve via specs as I don't want the relying party to have to choose which spec to implement, as deep linking will solve the problem for x2App. CIBA is a pain as once again the relying party had to collect and control information prior to the request and again we don't want this to happen for the x2App flow, as it is a bad CX.
>
> Any plans to help solve this problem via specs?
I don't know anything about what your application is, but for C2B payments FAPI scales poorly due to the lack of standards on the Merchant and User side.
VISA and MasterCard recently teamed up with the W3C, the FIDO alliance, Microsoft and Google, resulting in a payment authorization standard for the User side, requiring no apps or deep links.
Although working, it does not address A2A transactions, which is why I updated this concept:
https://fido-web-pay.github.io/specification/fido-wallet-whitepaper.pdf
According to my sources the FIDO alliance is looking into similar enhancements, but with identity in mind.
FIDO was not available when FAPI started.
Anders
>
> Regards
> Nicholas Irving