openid / fapi / issues / #621 - FAPI CIBA — Bitbucket

Issue #621 new

Dave Tonge created an issue 2023-08-09

We have this clause:

shall ensure the Authorization Server has authenticated the user to an appropriate level for the client's intended purpose.

Tim asked:

How is the client supposed to do this? I guess this was written with acr in mind, or is there any other standardized mechanism (apart from checking AS policies) to consider?

‌

Comments (3)

Dave Tonge reporter
we discussed on the call and agreed to remove the clause - as its difficult to test, and there isn’t anything about CIBA that requires it if the redirect flow doesn’t
- 2023-08-16T14:24:58+00:00
Dave Tonge reporter
- assigned issue to
  
  Dave Tonge
- 2023-08-16T14:25:06+00:00
Dave Tonge reporter
https://bitbucket.org/openid/fapi/pull-requests/417
- 2023-09-27T14:04:51+00:00
Log in to comment

Assignee: Dave Tonge

Type: bug

Priority: major

Status: new

Component: CIBA

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!