Using OIDC Federation and FAPI together

The Certification team have received several queries about using https://openid.net/specs/openid-connect-federation-1_0-17.html together with FAPI and whether any FAPI profile of Federation is necessary.

Possible items I noted that may require consideration:

It may make sense to make a recommendation as to whether explicit or automatic client registration should/must be used
The federation spec requires support for RS256, whereas FAPI has generally disallowed RS256 in favour of PS256.

but there may be further items.

Comments (2)