[Openid-specs-mobile-profile] Issue #153: Change examples to use public key crypto for auth (openid/mobile)
issues-reply at bitbucket.org
Tue Feb 5 06:54:31 UTC 2019
New issue 153: Change examples to use public key crypto for auth
> - section 7.2
> — bullet 1. "… It is RECOMMENDED that Clients not send shared secrets in the Authentication Request but rather that public key cryptography be used."
> I agree with this recommendation but all examples use shared secrets (Basic authz) to authenticate and authorize the respective RP. I suggest you change the examples to use public crypto.
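
The contrast the issue raises, as an added example that is not taken from the issue or from the specification: HTTP Basic client authentication next to a signed client assertion (`private_key_jwt`, RFC 7523), with the receiver-side check. The client id `rp-example`, the endpoint URL, the ES256 key and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const ES256 = { dsaEncoding: 'ieee-p1363' }; // JWS wants raw r||s, not DER

// Shared-secret form: the secret itself is sent, only base64-encoded.
function basicAuthHeader(clientId, clientSecret) {
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
}

// Public-key form (private_key_jwt): only a short-lived signed assertion is sent.
function clientAssertion(clientId, audience, privateKey, now = Math.floor(Date.now() / 1000)) {
  const claims = { iss: clientId, sub: clientId, aud: audience,
    jti: nodeCrypto.randomUUID(), iat: now, exp: now + 60 };
  const input = `${b64url({ alg: 'ES256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, ...ES256 });
  return `${input}.${sig.toString('base64url')}`;
}

// Form parameters that replace the Authorization: Basic header.
function assertionParams(assertion) {
  return new URLSearchParams({
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Receiver side: verify against the client's registered public key, then the claims.
// A production check would also reject a jti it has already seen.
function verifyClientAssertion(jwt, publicKey, clientId, audience, now = Math.floor(Date.now() / 1000)) {
  try {
    const [h, p, s] = jwt.split('.');
    const header = JSON.parse(Buffer.from(h, 'base64url').toString());
    if (header.alg !== 'ES256') return false; // pin the algorithm
    const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
      { key: publicKey, ...ES256 }, Buffer.from(s, 'base64url'));
    const c = JSON.parse(Buffer.from(p, 'base64url').toString());
    return ok && c.iss === clientId && c.sub === clientId && c.aud === audience && c.exp > now;
  } catch {
    return false; // malformed token
  }
}

// Constructed demo values: client id, endpoint URL and key are hypothetical.
const demoKeys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demoJwt = clientAssertion('rp-example', 'https://op.example/auth-request', demoKeys.privateKey);
console.log(verifyClientAssertion(demoJwt, demoKeys.publicKey, 'rp-example', 'https://op.example/auth-request'));
```

With the assertion, a captured request exposes nothing reusable after `exp`, whereas the Basic header decodes straight back to the long-lived secret.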