Spec says Authorization Server shall support both public and confidential clients;

Comments (8)

1. 

   Nat Sakimura

   At the time of the writing, I was assuming that banks are going to support mobile clients as well, but they apparently are not. Then, this requirement can be too demanding. We probably want to introduce some conditionals such as:

   Authorization Server shall support confidential clients if it supports web server based clients. Authorization Server shall support public clients if it supports mobile clients. etc.

   • 2017-03-02T17:51:43+00:00
2. 

   Nat Sakimura

   On the related thing, needs for PKCE support can be optional. Having said that, since PKCE will prevent the privillage escalation by the code swap, it is better to have PKCE.

   • 2017-03-08T00:26:43+00:00
3. 

   Nat Sakimura

   Re: #73

   → <<cset 8d420fd67b79>>

   • 2017-03-08T00:27:18+00:00
4. 

   Sascha Preibisch

   What about "... shall support confidential clients and may support public clients .... "?

   • 2017-03-10T06:23:57+00:00
5. 

   Nat Sakimura

   • changed status to closed

   • 2017-03-29T14:44:34+00:00
6. 

   Nat Sakimura

   • changed component to Part 2: Advanced

   • 2022-12-14T15:36:05+00:00
7. 

   Nat Sakimura

   • changed component to FAPI 1 – Part 2: Advanced

   • 2022-12-14T15:36:40+00:00
8. 

   Nat Sakimura

   • changed component to FAPI 1: Advanced

   • 2022-12-14T15:38:50+00:00
9. Log in to comment