[Openid-specs-fapi] EUIDW-4-Payments update: dropping OAuth
Joseph Heenan
joseph at authlete.com
Wed Jul 3 16:41:32 UTC 2024
Hi Anders
I’m unsure what point you were trying to make, but for clarity this flow is still based on OAuth2. (It uses OpenID for Verifiable Presentations, which is built on top of OAuth2.)
I guess you may mean it’s not based on a standard OAuth2 authorization code flow with the bank.
Thanks
Joseph
> On 2 Jul 2024, at 23:19, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>
> Apparently the EUIDW folks finally realized that OAuth is the wrong solution for wallet-based payment authorizations:
> https://github.com/digitallabor-berlin/eudiw-sca/blob/ea5db12b59f583f79e3c866896565fa6c93ae2e4/openbanking-r2s.md#payment
> That is, a PISP is now just a backend process, technically no different than Stripe & Co, while the wallet only communicates with the Merchant.
>
> My review of the update:
> https://github.com/openid/OpenID4VP/issues/180#issuecomment-2203209092
>
> Anders
>
>
>
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi
More information about the Openid-specs-fapi
mailing list