[Openid-specs-fapi] Issue #752: Request for a tailored FAPI 2.0 conformance profile (or modification of current): M2M/non-interactive FAPI2SP OP private key + DPoP (openid/fapi)
Robert Gallagher
issues-reply at bitbucket.org
Wed Jul 30 18:46:37 UTC 2025
New issue 752: Request for a tailored FAPI 2.0 conformance profile (or modification of current): M2M/non-interactive FAPI2SP OP private key + DPoP
https://bitbucket.org/openid/fapi/issues/752/request-for-a-tailored-fapi-20-conformance
Robert Gallagher:
Mastercard would like to certify their implementation that doesn’t support the optional “Authorization code flow” part of FAPI2 security profile - i.e. only implements the client credentials grant, and would like OIDF to extend their certification tests & programme to cover this case.
More background:
1. Implementing the Client Credentials flow (private_key_jwt + DPoP), for requesting access tokens and consuming resources with access tokens
2. Not implementing PAR, or exposing an “authorization” endpoint, with end-user redirection etc.
3. There currently is no conformance suite for testing this case