Financial-grade API Security Profile 1.0 - Part 2: Advanced

Spec: https://openid.net/specs/openid-financial-api-part-2-1_0.html

## Work Required

* [ ] Based on #246 
* [ ] Support [JARM](https://bitbucket.org/openid/fapi/src/master/oauth-v2-jarm.md) (with setting to require it)
* [ ] Support [PAR](https://tools.ietf.org/html/draft-ietf-oauth-par)
* [ ] Add configuration that restricts the client to more safe settings
  * [ ] Check `s_hash` in ID token (based on `state`)
  * [ ] Require signed request object
  * [ ] More restictive mTLS settings: [TLS considerations](https://openid.net/specs/openid-financial-api-part-2-1_0.html#tls-considerations)
  * [ ] No `none` algorithm
  * [ ] No `RSASSA-PKCS1-v1_5` algorithms like `RS256`
  * [ ] `jwks_uri` require HTTPS
  * [ ] No JWE `x5u` / `jku`
  * [ ] Unique `kid` for JWK Sets (consider `alg` / `use` / `kty` and `crv`)

:pushpin: This issue is here to track interest for the implementation. Leave a :+1: if you would like this implemented.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Financial-grade API Security Profile 1.0 - Part 2: Advanced #247

Work Required

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Financial-grade API Security Profile 1.0 - Part 2: Advanced #247

Description

Work Required

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions