FAPI CIBA
Issue #621
new
We have this clause:
shall ensure the Authorization Server has authenticated the user to an appropriate level for the client's intended purpose.
Tim asked:
How is the client supposed to do this? I guess this was written with acr in mind, or is there any other standardized mechanism (apart from checking AS policies) to consider?
Comments (3)
reporter -
We discussed on the call and agreed to remove the clause - as it’s difficult to test, and there isn’t anything about CIBA that requires it if the redirect flow doesn’t.