FAPI WG Meeting Notes (2019-10-09)
Date & Time: 2019-10-09 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (Nat)
- 3. Planning for HTTP Signature Session (Dave)
- 4. Issues
- 5. Pull Requests
- 6. AOB
The meeting was called to order at 14:05 UTC.
- Anders, Manu, John, Mike Jones, Annabel, Ralph need to be there for the special call.
A Doodle poll is to be created.
In the non-openid cases where scope does not include openid, "nonce" does not make sense. However, just requiring "state" is likely to be understating what the clients need to be doing to thwart CSRF etc. Callers agreed that requiring PKCE may be a better way to go. Folks should comment on the ticket with their opinions.
There seem to be two ways of returning it, and the UK and Australia are going in a different direction. It may be interesting to find out what the current majority practice is by taking a survey at IIW.
Joseph proposed new wording on the call, and Brian offered a friendly amendment to it. Joseph is going to make a modified PR based on it so that people can review the concrete wording.
The meeting was adjourned at 14:58 UTC.