[Openid-specs-fapi] Issue #477: FAPI2 + dpop nonces (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Sun Feb 20 09:31:29 UTC 2022
New issue 477: FAPI2 + dpop nonces
https://bitbucket.org/openid/fapi/issues/477/fapi2-dpop-nonces
Joseph Heenan:
Is there a FAPI2baseline spec position on DPoP nonces as per section 8 / 9 of [https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-05#section-8](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-05#section-8)?
Assuming there isn’t, I presume the de facto position is that Authorization Servers/resource servers are free to require clients to support nonces, and that may then mean that the FAPI2Baseline client/RP certification tests should require clients to implement DPoP nonces correctly.