<div dir="ltr">It is worth a discussion. I recently had a similar enquiry, not really in the wallet field but in the mobile apps field. </div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">2025年5月28日(水) 4:02 josephheenan via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">New issue 744: Allow OAuth 2.0 Attestation-Based Client Authentication<br>
<a href="https://bitbucket.org/openid/fapi/issues/744/allow-oauth-20-attestation-based-client" rel="noreferrer" target="_blank">https://bitbucket.org/openid/fapi/issues/744/allow-oauth-20-attestation-based-client</a><br>
<br>
Joseph Heenan:<br>
<br>
FAPI2 currently only allows private\_key\_jwt and mtls client authentication, both of which are kind of awkward for mobile clients to do.<br>
<br>
This makes it difficult for OID4VCI to adopt FAPI \(see [<a href="https://github.com/openid/OpenID4VCI/issues/291#issuecomment-2862965297](https://github.com/openid/OpenID4VCI/issues/291%23issuecomment-2862965297)%5C" rel="noreferrer" target="_blank">https://github.com/openid/OpenID4VCI/issues/291#issuecomment-2862965297](https://github.com/openid/OpenID4VCI/issues/291#issuecomment-2862965297)\</a>).<br>
<br>
I wonder if we can allow the new IETF draft in the future \(in addition to private\_key\_jwt / MTLS client auth\) - I think it would be a non-breaking extension:<br>
<br>
[<a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/%5D(https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/)" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/)</a><br>
<br>
<br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</blockquote></div>