[Openid-specs-fapi] Issue #688: Simplifying the usage of FAPI-CIBA and FAPI 2 profiles together (openid/fapi)

Dima Postnikov issues-reply at bitbucket.org
Sat Mar 30 08:22:53 UTC 2024


New issue 688: Simplifying the usage of FAPI-CIBA and FAPI 2 profiles together
https://bitbucket.org/openid/fapi/issues/688/simplifying-the-usage-of-fapi-ciba-and

Dima Postnikov:

1. FAPI security should at least mention CIBA as a valid alternative to Auth Code flow

#### [5.3.1. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.1)[Requirements for Authorization Servers](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-requirements-for-authorizat)

##### [5.3.1.1. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.1.1)[General Requirements](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-general-requirements)

##### [5.3.1.2. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.1.2)[Authorization Code Flow](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-authorization-code-flow)

**5.3.1.3. Client Initiated backchannel flow**

refer to FAPI-CIBA spec

##### [5.3.1.4. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.1.3)[Returning Authenticated User's Identifier](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-returning-authenticated-use)

#### [5.3.2. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2)[Requirements for Clients](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-requirements-for-clients)

##### [5.3.2.1. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1)[General Requirements](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-general-requirements-2)

##### [5.3.2.2. ](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.2)[Authorization Code Flow](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-authorization-code-flow-2)

**5.3.2.3. Client Initiated backchannel flow**

refer to FAPI-CIBA spec

2. We should make it clear that the same authentication and request signing requirements apply to both PAR and CIBA auth request endpoints, and take that out of the CIBA spec.

Responsible: Dima Postnikov


