Change examples to use public key crypto for auth
Issue #153
resolved
From Torsten:
- section 7.2
— bullet 1. "… It is RECOMMENDED that Clients not send shared secrets in the Authentication Request but rather that public key cryptography be used.“
I agree with this recommendation but all examples use shared secrets (Basic authz) to authenticate and authorize the respective RP. I suggest you change the examples to use public crypto.
Comments (5)
-
reporter -
reporter -
assigned issue to
-
assigned issue to
-
Pull Request
#68has proposed changes for this -
- changed status to resolved
fixing
#153Merged in b_c/modrna-fork/i153 (pull request#68)CIBA example changes
Approved-by: Joseph Heenan joseph@authlete.com
→ <<cset e1393bb5db78>>
-
fixing
#153Merged in b_c/modrna-fork/i153 (pull request#68)CIBA example changes
Approved-by: Joseph Heenan joseph@authlete.com
→ <<cset e1393bb5db78>>
- Log in to comment
maybe use
private_key_jwt