How to indicate certain credential configurations need oauth client attestation? #302

Open
awoie opened this issue Apr 24, 2024 · 3 comments


@awoie
Contributor

awoie commented Apr 24, 2024

Perhaps this issue should be filed in a different repository.

Two questions:

  • Should we define a mechanism that some of the credential configurations require OAuth client attestation while others may not?
  • Would it make sense to define a token endpoint auth method for OAuth client attestation to indicate OAuth client auth is supported, e.g., by including it in the token_endpoint_auth_methods_supported metadata?
@paulbastian
Contributor

paulbastian commented Apr 26, 2024

The latter already exists, but I think there is no possible way to communicate so for a particular credential configuration.

@awoie
Contributor Author

awoie commented Apr 28, 2024

Is it a possibility that some configurations might need an attestation, others don't?

@paulbastian
Contributor

The same applies to PKCE, DPoP and so on?
