[Openid-specs-igov] Need for public clients in iGov OAuth 2.0 Profile?
Dr. Kelley W Burgin
kburgin at mitre.org
Fri Apr 4 15:40:36 UTC 2025
Tom and I, as editors of the iGov OAuth 2.0 Profile, are asking if there are any implementations that require public clients.
Public clients are currently excluded, in particular, because all clients MUST authenticate to the authorization server, which public clients cannot.
We currently are planning to align with the FAPI 2.0 Security Profile which does not allow public clients.
Please provide input by Friday April 11 if you have an opinion.
Kelley (and Tom)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-igov/attachments/20250404/5bdde4d0/attachment.htm>
More information about the Openid-specs-igov
mailing list