openid / fapi / issues / #88 - Sender constraining the code — Bitbucket

Issue #88 invalid

Nat Sakimura created an issue 2017-05-03

For AS that provides request object registration endpoint, the AS can actually bind the code to the client certificate that was used to authenticate at the request object registration endpoint. This mitigates the code phishing attack.

Comments (4)

Nat Sakimura reporter
- changed status to invalid
It is constrained as we require PKCE in the public client case. For confidential client case, RFC6749 is already sender constraining.
- 2017-05-13T11:39:06+00:00
Nat Sakimura reporter
- changed component to Part 2: Advanced
- 2022-12-14T15:36:06+00:00
Nat Sakimura reporter
- changed component to FAPI 1 – Part 2: Advanced
- 2022-12-14T15:36:40+00:00
Nat Sakimura reporter
- changed component to FAPI 1: Advanced
- 2022-12-14T15:38:51+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Component: FAPI 1: Advanced

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!