FAPI2SP: Add requirement for RP to use discovery

Merged
#363 · Created  · Last updated

Merged pull request

Merged in fapi2-rp-discovery (pull request #363)

cbe3423·Author: ·Closed by: ·2022-08-17

Description

This seems to be an ommission; we already require the OP to support discovery. Requiring the RP to use it provides protection against some forms of attacks as discussed in:

https://bitbucket.org/openid/fapi/issues/525/decide-on-what-to-do-for-a-cuckoo-s-token

related to #536

0 attachments

0 comments

Loading commits...