[Openid-specs-fapi] Issue #744: Allow OAuth 2.0 Attestation-Based Client Authentication (openid/fapi)
Nat Sakimura
nat at sakimura.org
Tue May 27 19:29:04 UTC 2025
It is worth a discussion. I recently had a similar enquiry, not really in
the wallet field but in the mobile apps field.
2025年5月28日(水) 4:02 josephheenan via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net>:
> New issue 744: Allow OAuth 2.0 Attestation-Based Client Authentication
>
> https://bitbucket.org/openid/fapi/issues/744/allow-oauth-20-attestation-based-client
>
> Joseph Heenan:
>
> FAPI2 currently only allows private\_key\_jwt and mtls client
> authentication, both of which are kind of awkward for mobile clients to do.
>
> This makes it difficult for OID4VCI to adopt FAPI \(see [
> https://github.com/openid/OpenID4VCI/issues/291#issuecomment-2862965297](https://github.com/openid/OpenID4VCI/issues/291#issuecomment-2862965297)\
> ).
>
> I wonder if we can allow the new IETF draft in the future \(in addition to
> private\_key\_jwt / MTLS client auth\) - I think it would be a non-breaking
> extension:
>
> [
> https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/)
>
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20250528/4de7f05a/attachment.htm>
More information about the Openid-specs-fapi
mailing list